Christopher Browne wrote:
The world rejoiced as [EMAIL PROTECTED] ("Joshua D. Drake") wrote:
Tom Lane wrote:

We've debated #1 before, and a lot of repackagers change it, but I
don't really feel a strong urge to change it in the source distro.
As for #2, that's not a bug, it's intended behavior.
On #1, the fact that we allow trust as default is embarrassing. It
would be just as bad as having the default root password be password
on a linux box. We should be using md5 and force passing the password
with initdb.

That won't help; that would introduce the "embarrassment" of having a
known default password.

No it wouldn't unless the packagers set it up to do that. My point is that when a packager (or source) runs initdb, it would prompt for the postgres user password. Just like when you create a ssh key or cert etc...

Joshua D. Drake



This is a case where it takes careful thought to grasp whether there
is a problem or not.

If all we do is to shift the embarrassment around, that's not much
help.


--

      === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive  PostgreSQL solutions since 1997
             http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/


---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly

Reply via email to