Re: Is "trust" really a good default?

> >>No, but none of the others are better.  See previous discussions in
> >>the archives.  I don't think the situation has changed any
> since the
> >>last time we hashed this out.
> >
> > If they supply a password to initdb, shouldn't we then require a
> > password in pg_hba.conf.
>
> This is further to my previous suggestion that we output the
> encoding that is being defaulted to.
>
> NEW USERS DO NOT KNOW THAT -W EXISTS!
>
> Even the majority of experienced users don't!

Exactly...

How about requiring them to put in *either* -W (or --pwfile of course)
*or* a switch that *explicitly* enables trust. And if they don't put in
either of these parameters, refuse to initdb. (are other params
required?) That will at least require a concious decision to enable the
unsafe stuff. And packagers/distributions can add that trust switch if
it's necessary by their packaging system (which arguably is not very
flexible if it does, but I assume this is the reason why the default
wasn't changed - can't find the old discussions in the archives)

This will require initdb to edit pg_hba.conf on the fly and not just
copy it in, but that shuoldn't be too hard.

//Magnus