Re: Bugtraq: Having Fun With PostgreSQL
From | Joshua D. Drake |
---|---|
Subject | Re: Bugtraq: Having Fun With PostgreSQL |
Date | |
Msg-id | 467611DA.1030804@commandprompt.com |
In reply to | Re: Bugtraq: Having Fun With PostgreSQL (Christopher Browne <cbbrowne@acm.org>) |
Responses | Re: Bugtraq: Having Fun With PostgreSQL |
List | pgsql-hackers |
Christopher Browne wrote:
> The world rejoiced as jd@commandprompt.com ("Joshua D. Drake") wrote:
>> Tom Lane wrote:
>>> We've debated #1 before, and a lot of repackagers change it, but I
>>> don't really feel a strong urge to change it in the source distro.
>>> As for #2, that's not a bug, it's intended behavior.
>> On #1, the fact that we allow trust as default is embarrassing. It
>> would be just as bad as having the default root password be password
>> on a linux box. We should be using md5 and force passing the password
>> with initdb.
>
> That won't help; that would introduce the "embarrassment" of having a
> known default password.

No it wouldn't unless the packagers set it up to do that. My point is
that when a packager (or source) runs initdb, it would prompt for the
postgres user password. Just like when you create a ssh key or cert etc...

Joshua D. Drake

>
> This is a case where it takes careful thought to grasp whether there
> is a problem or not.
>
> If all we do is to shift the embarrassment around, that's not much
> help.

--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/
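
The `trust` default debated in this thread lives in `pg_hba.conf`, so it can be audited after `initdb` has run. The following is an added example, not part of the original message or of PostgreSQL itself: a small checker that lists every rule still using `trust`. The function names and the sample file are constructed for illustration, and it assumes rules are not continued across lines.

```python
import ipaddress
import shlex

# Constructed sample in pg_hba.conf format (not taken from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        md5
host    app       app   10.0.0.0 255.255.255.0 trust  # netmask form
hostssl all       all   0.0.0.0/0      scram-sha-256
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


def is_ip(token):
    """True if token parses as an IP address (used to spot a netmask column)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hba(text):
    """Return one dict per access rule, skipping comments and other lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = shlex.split(raw, comments=True)  # handles '#' comments and quotes
        if f and f[0] == "local" and len(f) >= 4:
            address, method = None, f[3]      # local rules have no address
        elif f and f[0] in HOST_TYPES and len(f) >= 5:
            address, method = f[3], f[4]
            if is_ip(f[4]) and len(f) >= 6:   # address and mask in two columns
                address, method = f"{f[3]}/{f[4]}", f[5]
        else:
            continue                          # blank, include directive, malformed
        rules.append({"line": lineno, "type": f[0], "database": f[1],
                      "user": f[2], "address": address, "method": method})
    return rules


def trust_findings(text):
    """Rules that let the client in without any credential check."""
    return [r for r in parse_hba(text) if r["method"] == "trust"]


if __name__ == "__main__":
    for r in trust_findings(SAMPLE_HBA):
        print(f"line {r['line']}: {r['type']} {r['database']} {r['user']} "
              f"{r['address'] or '(unix socket)'} uses trust")
```

`initdb` accepts `--auth` to pick the method written into the generated file and `--pwprompt` to ask for the superuser password at creation time.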