Re: Use "samehost" by default in pg_hba.conf?
From | Mark Mielke |
---|---|
Subject | Re: Use "samehost" by default in pg_hba.conf? |
Date | |
Msg-id | 4AC4BE1B.1090306@mark.mielke.cc |
In response to | Re: Use "samehost" by default in pg_hba.conf? ("Kevin Grittner" <Kevin.Grittner@wicourts.gov>) |
List | pgsql-hackers |

On 10/01/2009 10:24 AM, Kevin Grittner wrote:

> Trust authentication has a few valid use cases, but it does tend to
> worry me that people may leave it enabled in inappropriate situations
> on production clusters. I don't see how we could get rid of it, but
> I'd be OK with a warning in the log when a pg_hba.conf file is
> processed which contains any trust entries.

I don't think "trust" needs to be removed entirely - it is a valid option for demos or training sessions perhaps. By using the word "abolishing", I might have created the wrong impression. I just meant the default pg_hba.conf having "trust" has always seemed to be a really bad thing to me. If people already have pg_hba.conf with "trust", I see no reason to stop them.

If a new user tries using PostgreSQL for the first time - I think the default configuration they encounter should be conservative and usable out of the box. I can see how "samehost" fits into this picture. I don't see how "trust" fits into this picture.

Does anybody seriously recommend "trust" to newbies for production use? Shouldn't the default pg_hba.conf represent a conservative recommendation from the pgsql developers?

Cheers,
mark

--
Mark Mielke <mark@mielke.cc>
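
The warning discussed in this message (flagging any pg_hba.conf entry that uses "trust") can be approximated outside the server with a small audit script. This is an added example, not part of the thread and not PostgreSQL code; the function names and the sample file are constructed for illustration, and include directives and line continuations are not handled.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample file, not taken from the thread.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        trust
host    all       all   samehost       md5
host    all       all   192.168.0.0  255.255.255.0  trust
hostssl all       all   0.0.0.0/0      md5
"""

def _is_bare_ip(token):
    """True for an address without /prefix, i.e. the separate 'IP MASK' form."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def find_trust_entries(text):
    """Return (line number, record type, address) for every trust record."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if not fields:
            continue
        rtype = fields[0]
        if rtype == "local":
            address, method_idx = None, 3          # local has no address field
        elif rtype in HOST_TYPES:
            two_fields = len(fields) > 4 and _is_bare_ip(fields[3])
            method_idx = 5 if two_fields else 4    # the mask shifts the method right
            address = " ".join(fields[3:method_idx])
        else:
            continue                               # unknown record type: skip
        if len(fields) > method_idx and fields[method_idx] == "trust":
            findings.append((lineno, rtype, address))
    return findings

def warnings_for(text):
    return [f"pg_hba.conf line {n}: {t} entry for {a or 'unix socket'} uses trust"
            for n, t, a in find_trust_entries(text)]

if __name__ == "__main__":
    print("\n".join(warnings_for(SAMPLE_HBA)))
```
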