Tom Lane wrote: > Bruce Momjian <[EMAIL PROTECTED]> writes: > > I think the basic problem is that right now there is no way to do an > > initdb and have it be secure _before_ you edit pg_hba.conf. That isn't > > acceptable. If I am on an insecure machine, the window if time between > > initdb and editing of pg_hba.conf is pretty bad. > > Bruce, you of all people should be aware that there is no such window. > The postmaster *is not running* and cannot accept any hostile > connections if you haven't started it. > > Argue all you like about the potential for novice error, but don't try > to scare us by claiming that it's inherently insecure.
Ah, I forgot about postmaster start. (My scripts do it automatically here.) Maybe we just need to print a warning telling people they should secure pg_hba.conf before starting the postmaster on an insecure machine. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]