Re: initdb recommendations

2019-04-08 Thread Jonathan S. Katz
On 4/8/19 8:44 AM, Magnus Hagander wrote: > On Mon, Apr 8, 2019 at 2:41 PM Jonathan S. Katz > wrote: > > On 4/8/19 8:25 AM, Peter Eisentraut wrote: > > On 2019-04-05 18:11, Jonathan S. Katz wrote: > >> +    > >> +      We recommend using the -W, >

Re: initdb recommendations

2019-04-08 Thread Magnus Hagander
On Mon, Apr 8, 2019 at 2:41 PM Jonathan S. Katz wrote: > On 4/8/19 8:25 AM, Peter Eisentraut wrote: > > On 2019-04-05 18:11, Jonathan S. Katz wrote: > >> + > >> + We recommend using the -W, > --pwprompt, > >> + or --pwfile flags to assign a password to the > database > >> + sup

Re: initdb recommendations

2019-04-08 Thread Jonathan S. Katz
On 4/8/19 8:25 AM, Peter Eisentraut wrote: > On 2019-04-05 18:11, Jonathan S. Katz wrote: >> + >> + We recommend using the -W, >> --pwprompt, >> + or --pwfile flags to assign a password to the >> database >> + superuser, and to override the pg_hba.conf >> default >> + gen

Re: initdb recommendations

2019-04-08 Thread Peter Eisentraut
On 2019-04-05 18:11, Jonathan S. Katz wrote: > + > + We recommend using the -W, > --pwprompt, > + or --pwfile flags to assign a password to the database > + superuser, and to override the pg_hba.conf default > + generation using -auth-local peer for local > connections, >

Re: initdb recommendations

2019-04-06 Thread Noah Misch
On Sat, Apr 06, 2019 at 11:35:44AM +0200, Magnus Hagander wrote: > On Fri, Apr 5, 2019 at 10:58 PM Peter Eisentraut > wrote: > > On 2019-04-05 18:11, Jonathan S. Katz wrote: > > > (There could be an additional discussion about whether or not we want to > > > change the default behavior for initdb

Re: initdb recommendations

2019-04-06 Thread Magnus Hagander
On Fri, Apr 5, 2019 at 10:58 PM Peter Eisentraut < peter.eisentr...@2ndquadrant.com> wrote: > On 2019-04-05 18:11, Jonathan S. Katz wrote: > > (There could be an additional discussion about whether or not we want to > > change the default behavior for initdb, but I would suggest that a safe > > st

Re: initdb recommendations

2019-04-05 Thread Jonathan S. Katz
On 4/5/19 4:58 PM, Peter Eisentraut wrote: > On 2019-04-05 18:11, Jonathan S. Katz wrote: >> (There could be an additional discussion about whether or not we want to >> change the default behavior for initdb, but I would suggest that a safe >> starting point would be to ensure we call this out) >

Re: initdb recommendations

2019-04-05 Thread Peter Eisentraut
On 2019-04-05 18:11, Jonathan S. Katz wrote: > (There could be an additional discussion about whether or not we want to > change the default behavior for initdb, but I would suggest that a safe > starting point would be to ensure we call this out) I think we should just change the defaults. There

initdb recommendations

2019-04-05 Thread Jonathan S. Katz
Given some of the recent hubbub and analysis of CVE entries, one part of the documentation[1] that could be further clarified is what initdb does by default, i.e. creates a cluster where users can connect with trust authentication. While this may be great for people who are hacking or running Postg