Re: Online documentation unclear about authentication defaults

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: Online documentation unclear about authentication defaults
Дата
Msg-id 200702191857.l1JIvj928551@momjian.us
обсуждение исходный текст
Ответ на Re: Online documentation unclear about authentication defaults  (bubblboy <bubblboy@gmail.com>)
Список pgsql-docs
I have updated the documentation to clarify that initdb -A or editing
pg_hba.conf is required if you do not trust local users --- patch
attached.

---------------------------------------------------------------------------

bubblboy wrote:
> Alvaro Herrera wrote:
> > bubblboy wrote:
> >> Hi,
> >>
> >> After following the postgresql tutorial for setting up a postgresql
> >> server [1] I noticed that I could log in without entering my password.
> >> The documentation did not tell me this (maybe I overlooked it),
> >> eventhough it does show you how to create roles with passwords. In my
> >> opinion it would be a good idea to include a warning like "the default
> >> installation trusts everybody that can make a connection to the
> >> database" because it could lead to some (problematic) confusions.
> >>
> >> I didn't check extensively in the docs to see if there actually was such
> >> a warning, particularly because I felt that if there was, it was
> >> probably not prominent enough (or I would have noticed). Sorry if there
> >> was indeed a big warning splattered over the tutorial somewhere.
> >
> > The tutorial indeed neglects warning you about that, but initdb doesn't.
> > It outputs these lines
> >
> > WARNING: enabling "trust" authentication for local connections
> > You can change this by editing pg_hba.conf or using the -A option the
> > next time you run initdb.
> >
> >
> > Maybe this is not strong enough, or not scary enough?
>
> Hmm,
>
> You are right, I ran initdb a few weeks ago and continued today.
> Personally, I would say that it wouldn't be a bad idea to include a
> second warning in the documentation nonetheless, just to emphasize it
> (or maybe make the initdb message a little more prominent - who knows).
> I can imagine that I saw all that output and thought "oh well, I'm
> following the tutorial so this won't be very interesting", but maybe
> (probably) that's just plain stupid :)
>
> Greetings,
> bb
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
>                http://www.postgresql.org/docs/faq

--
  Bruce Momjian  <bruce@momjian.us>          http://momjian.us
  EnterpriseDB                               http://www.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
Index: doc/src/sgml/installation.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v
retrieving revision 1.283
diff -c -c -r1.283 installation.sgml
*** doc/src/sgml/installation.sgml    17 Feb 2007 01:26:24 -0000    1.283
--- doc/src/sgml/installation.sgml    19 Feb 2007 18:55:50 -0000
***************
*** 482,487 ****
--- 482,494 ----

     <step>
      <para>
+      Restore your previous <filename>pg_hba.conf</> and any
+      <filename>postgresql.conf</> modifications.
+     </para>
+    </step>
+
+    <step>
+     <para>
       Start the database server, again from the special database user
       account:
  <programlisting>
***************
*** 1619,1629 ****
      </para>
     </step>

     <step>
      <para>
!      The previous step should have told you how to start up the
!      database server. Do so now. The command should look something
!      like:
  <programlisting>
  /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data
  </programlisting>
--- 1626,1645 ----
      </para>
     </step>

+    <step
+     <para>
+      At this point, if you did not use the <command>initdb</> <literal>-A</>
+      option, you might want to modify <filename>pg_hba.conf</> to control
+      local access to the server before you start it.  The default is to
+      trust all local users.
+     </para>
+    </step>
+
     <step>
      <para>
!      The previous <command>initdb</> step should have told you how to
!      start up the database server. Do so now. The command should look
!      something like:
  <programlisting>
  /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data
  </programlisting>

В списке pgsql-docs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: 'FOUND' keyword not found in index (pg8.2)
Следующее
От: Bruce Momjian
Дата:
Сообщение: Re: [GENERAL] Password issue revisited