Christopher Browne wrote:
The world rejoiced as [EMAIL PROTECTED] ("Joshua D. Drake") wrote:
Tom Lane wrote:
We've debated #1 before, and a lot of repackagers change it, but I
don't really feel a strong urge to change it in the source distro.
As for #2, that's not a bug, it's intended behavior.
On #1, the fact that we allow trust as default is embarrassing. It
would be just as bad as having the default root password be password
on a linux box. We should be using md5 and force passing the password
with initdb.
That won't help; that would introduce the "embarrassment" of having a
known default password.
No it wouldn't unless the packagers set it up to do that. My point is
that when a packager (or source) runs initdb, it would prompt for the
postgres user password. Just like when you create a ssh key or cert etc...
Joshua D. Drake
This is a case where it takes careful thought to grasp whether there
is a problem or not.
If all we do is to shift the embarrassment around, that's not much
help.
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
