On 7/22/19 3:20 PM, Andrew Dunstan wrote: > > On 7/22/19 3:15 PM, Tom Lane wrote: >> >> Frankly, this episode makes me wonder whether changing the default is >> even a good idea at this point. People who care about security have >> already set up their processes to select a useful-to-them auth option, >> while people who do not care are unlikely to be happy about having >> security rammed down their throats, especially if it results in the >> sort of push-ups we're looking at having to do in the buildfarm. >> I think this has effectively destroyed the argument that only >> trivial adjustments will be required. > > There's a strong tendency these days to be secure by default, so I > understand the motivation.
So perhaps to bring back the idea that spawned this thread[1], as an interim step, we provide some documented recommendations on how to set things up. The original patch has a warning box (and arguably defaulting to "trust" deserves a warning) but could be revised to be inline with the text. Jonathan [1] https://www.postgresql.org/message-id/bec17f0a-ddb1-8b95-5e69-368d9d0a3390%40postgresql.org
signature.asc
Description: OpenPGP digital signature
