tom lane wrote: > The bottom line to my mind is that if there were a one-size-fits-all > authentication solution, we'd not have so many to choose from. I don't > think we are doing DBAs any service by pretending that they might not > need to think about their choice of auth method. I could make a good > case that the initial entry ought to be REJECT, so that you get nothing > at all until you've adjusted pg_hba.conf ...
The approach towards security from the default installation seems a little inconsistent, and inconsistency could lead to complacency and danger. The server is default configured to not allow root execution, which is a very good feature, but might lead one to believe that the default installation is secure. The win32 people just received a server drubbing regarding the admin account issue. However, trust based auth from localhost is very insecure out of the box because anybody with shell access can root your database...they can even bring their own psql along for the ride. IMO, forcing su password at initdb time (allowing blank password with a very stern warning) and bumping localhost to auth is the right way to go. As far as RPM's, etc. I don't think RPM considerations should be driving security concerns. Merlin ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html