Re: Online documentation unclear about authentication defaults
From | Bruce Momjian |
---|---|
Subject | Re: Online documentation unclear about authentication defaults |
Date | |
Msg-id | 200702191857.l1JIvj928551@momjian.us |
In response to | Re: Online documentation unclear about authentication defaults (bubblboy <bubblboy@gmail.com>) |
List | pgsql-docs |
I have updated the documentation to clarify that initdb -A or editing
pg_hba.conf is required if you do not trust local users --- patch
attached.

---------------------------------------------------------------------------

bubblboy wrote:
> Alvaro Herrera wrote:
> > bubblboy wrote:
> >> Hi,
> >>
> >> After following the postgresql tutorial for setting up a postgresql
> >> server [1] I noticed that I could log in without entering my password.
> >> The documentation did not tell me this (maybe I overlooked it),
> >> even though it does show you how to create roles with passwords. In my
> >> opinion it would be a good idea to include a warning like "the default
> >> installation trusts everybody that can make a connection to the
> >> database" because it could lead to some (problematic) confusions.
> >>
> >> I didn't check extensively in the docs to see if there actually was such
> >> a warning, particularly because I felt that if there was, it was
> >> probably not prominent enough (or I would have noticed). Sorry if there
> >> was indeed a big warning splattered over the tutorial somewhere.
> >
> > The tutorial indeed neglects warning you about that, but initdb doesn't.
> > It outputs these lines
> >
> > WARNING: enabling "trust" authentication for local connections
> > You can change this by editing pg_hba.conf or using the -A option the
> > next time you run initdb.
> >
> >
> > Maybe this is not strong enough, or not scary enough?
>
> Hmm,
>
> You are right, I ran initdb a few weeks ago and continued today.
> Personally, I would say that it wouldn't be a bad idea to include a
> second warning in the documentation nonetheless, just to emphasize it
> (or maybe make the initdb message a little more prominent - who knows).
> I can imagine that I saw all that output and thought "oh well, I'm
> following the tutorial so this won't be very interesting", but maybe
> (probably) that's just plain stupid :)
>
> Greetings,
> bb
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

Index: doc/src/sgml/installation.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v retrieving revision 1.283 diff -c -c -r1.283 installation.sgml *** doc/src/sgml/installation.sgml 17 Feb 2007 01:26:24 -0000 1.283 --- doc/src/sgml/installation.sgml 19 Feb 2007 18:55:50 -0000 *************** *** 482,487 **** --- 482,494 ---- <step> <para> + Restore your previous <filename>pg_hba.conf</> and any + <filename>postgresql.conf</> modifications. + </para> + </step> + + <step> + <para> Start the database server, again from the special database user account: <programlisting> *************** *** 1619,1629 **** </para> </step> <step> <para> ! The previous step should have told you how to start up the ! database server. Do so now. The command should look something ! like: <programlisting> /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data </programlisting> --- 1626,1645 ---- </para> </step> + <step + <para> + At this point, if you did not use the <command>initdb</> <literal>-A</> + option, you might want to modify <filename>pg_hba.conf</> to control + local access to the server before you start it. The default is to + trust all local users. + </para> + </step> + <step> <para> ! The previous <command>initdb</> step should have told you how to ! start up the database server. Do so now. The command should look ! 
something like: <programlisting> /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data </programlisting>
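
Review bot: In the first hunk (the upgrade procedure, 482-494), the new "Restore your previous pg_hba.conf" step does not say why its position before "Start the database server" matters. Until the old file is restored, the new cluster runs with whatever initdb wrote, which the second hunk describes as "trust all local users". Suggest stating that the restore must be done before the server is started, and telling readers who have no old file to restore to review pg_hba.conf at this point instead.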
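
Review bot: In the second hunk (1626-1645), the added step opens with `<step` and no closing `>` as it appears here, which looks like a typo for `<step>`; the neighbouring steps all use the full tag. Separately, "you might want to modify pg_hba.conf" is soft wording for a default that trusts every local user. Since the thread started because a reader missed exactly this, consider stating the consequence directly (any local user can connect as any database role without a password) and adding a cross-reference to the client authentication chapter.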
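
An added example, not part of the original message or the PostgreSQL sources: a small Python check that lists the `trust` records in a pg_hba.conf, so the default discussed above can be reviewed before the server is started. The sample file is constructed and the function names are hypothetical.

```python
import ipaddress
import shlex

# Connection types that carry an address column (hostgssenc* exist in newer releases).
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_bare_ip(token):
    """True for an address with no /prefix, as in the 'IP-address IP-mask' form."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, honours "quoted names"
        if not fields:
            continue
        ctype = fields[0]
        if ctype == "local" and len(fields) >= 4:
            yield lineno, ctype, fields[1], fields[2], None, fields[3]
        elif ctype in HOST_TYPES and len(fields) >= 5:
            # Either: host db user addr/len method   or: host db user ip mask method
            if len(fields) >= 6 and _is_bare_ip(fields[3]) and _is_bare_ip(fields[4]):
                addr, method = f"{fields[3]} {fields[4]}", fields[5]
            else:
                addr, method = fields[3], fields[4]
            yield lineno, ctype, fields[1], fields[2], addr, method

def trust_entries(text):
    """Return the records that admit a client without any credential check."""
    return [r for r in parse_hba(text) if r[5].lower() == "trust"]

# Constructed sample, not copied from a real cluster.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   10.0.0.0 255.0.0.0 md5
hostssl "app db"  app   ::1/128        md5   # quoted name with a space
"""

if __name__ == "__main__":
    for lineno, ctype, db, user, addr, method in trust_entries(SAMPLE):
        print(f"line {lineno}: {ctype} {db} {user} {addr or '(unix socket)'} -> {method}")
```

Any line it reports is one where a role's password is never asked for, which is the behaviour the original poster ran into.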