Peter Eisentraut wrote: > Magnus Hagander wrote: > > This one makes it mandatory to pick some kind of authentication. If > > that's not wanted, it's easy to change it to default to trust (which > > I think is wrong, but we've been through that already..) > > I don't think I like any of this. Sooner rather than later, people need > to look at pg_hba.conf and think about it. I don't like switches that > induce them to skip that step. And I certainly don't like forcing > extra switches on users that just try out an installation locally. > > I would be in favor of making everything supertight and secure by > default, no questions asked. The is a definable goal. But as long as > there is no agreement on that, let's not create illusions in that > direction while inconveniencing a bunch of people for little gain.
I think the basic problem is that right now there is no way to do an initdb and have it be secure _before_ you edit pg_hba.conf. That isn't acceptable. If I am on an insecure machine, the window if time between initdb and editing of pg_hba.conf is pretty bad. I could edit pg_hba.conf.sample, but then I am editing a sample file. I think Magnus's patch takes us closer to secure. I do agree that by default we shouldn't require any flag and install unsecure and issue a warning. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend