Re: Is "trust" really a good default?

Tom Lane wrote:
> I don't really see a problem with doing it that way.  People who want
> to use -W are presumably worried about the security of their local
> system, otherwise they would just fire up the postmaster and set a
> password later.

No, that is exactly what I don't agree with.  People might want to 
assign a password just so that the user has one, with the intention of 
configuring non-local password-protected access right after initdb 
finishes.  It's a convenience that you set the password when the user 
is logically created.

> There are of course some questions about how to document this
> effectively, so that it doesn't create more confusion than it avoids.

Yes, that is another thing I'm afraid of.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/