> On Sunday 25 November 2001 18:13, Tom Lane wrote:
> > Lincoln Yeoh <lyeoh@pop.jaring.my> writes:
> > > Yeah, by default Postgresql ships practically without any access
> > > controls.
> >
> (...)
> > I do wonder whether we shouldn't list "think about your access controls"
> > as an explicit step in the installation instructions or server startup
> > instructions. The default configuration is definitely uncool on
> > multiuser machines, but a novice might not find that out till too late.
>
> It might be worth explicitly mentioning the following:
>
> 1) use initdb with the -W option, so that a superuser password
> is set during db initialisation and before the server is started;
I have added documentation for the -W flag. You can see it at:
http://216.55.132.35/main/writings/pgsql/sgml/creating-cluster.html
> 2) before starting the server change the appropriate settings
> in pg_hba.conf from 'trusted' to 'password' (or whatever other
> authentication system is to be used).
Also mentioned.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026