Re: [PATCHES] Is "trust" really a good default?
| От | Bruce Momjian |
|---|---|
| Тема | Re: [PATCHES] Is "trust" really a good default? |
| Дата | |
| Msg-id | 200407132300.i6DN0BH15946@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Re: [PATCHES] Is "trust" really a good default? (Robert Treat <xzilla@users.sourceforge.net>) |
| Список | pgsql-hackers |
Robert Treat wrote: > > Woh, I didn't think we agreed that the default would change from > > 'trust', only that we would now emit a warning and allow other > > authentication methods to be specified at initdb time. > > > > I sure hope not (and that was my understanding as well) > > Incidentally that warning is a little misleading since it isn't just > trust authentication that allows the wide open connections, but the > combo of all users / all dbs / trust that does it. For example on one > of my development machine I have a guest user who only has read access > to a specific database from a limited subnet, but with trust > authentication since random people inside the company will sometimes > want to take a look at what I am cooking up. For my needs I use the > superuser account who can access all databases but must come through > ident on a unix socket. Different strokes for different folks eh? Sure, but the point is that the 'trust' line added by initdb is wide-open. Folks who do that fine-grained control will not get confused by the warning, hopefully. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
В списке pgsql-hackers по дате отправления: