Re: [HACKERS] Installation procedure wishest

> Bruce Momjian wrote:
> 
> >
> > >     But if you have choosen the conservative way of beeing a site
> > >     admin, noone will ever tell you if you forgot  to  DISABLE  a
> > >     feature after a 50 hour restore marathon.
> >
> > Yes, the same reason postmaster -i flag is required to enable tcp/ip.
> 
>     That's  a detail I'm in doubt about. Our defaults for AF_UNIX
>     sockets is trust (and AFAIK must  be  because  identd  cannot
>     handle  them).  Thus  any  user who has a local shell account
>     could easily become db user postgres.
> 
>     I think a default of host-localhost-ident-sameuser and giving
>     superusers  the  builtin  right to become everyone would gain
>     higher security.

But can we assume ident is running.  I don't think so.

--  Bruce Momjian                        |  http://www.op.net/~candle maillist@candle.pha.pa.us            |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026