bubblboy wrote: > Hi, > > After following the postgresql tutorial for setting up a postgresql > server [1] I noticed that I could log in without entering my password. > The documentation did not tell me this (maybe I overlooked it), > eventhough it does show you how to create roles with passwords. In my > opinion it would be a good idea to include a warning like "the default > installation trusts everybody that can make a connection to the > database" because it could lead to some (problematic) confusions. > > I didn't check extensively in the docs to see if there actually was such > a warning, particularly because I felt that if there was, it was > probably not prominent enough (or I would have noticed). Sorry if there > was indeed a big warning splattered over the tutorial somewhere.
The tutorial indeed neglects warning you about that, but initdb doesn't. It outputs these lines WARNING: enabling "trust" authentication for local connections You can change this by editing pg_hba.conf or using the -A option the next time you run initdb. Maybe this is not strong enough, or not scary enough? -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org
