Hi,
After following the postgresql tutorial for setting up a postgresql
server [1] I noticed that I could log in without entering my password.
The documentation did not tell me this (maybe I overlooked it),
eventhough it does show you how to create roles with passwords. In my
opinion it would be a good idea to include a warning like "the default
installation trusts everybody that can make a connection to the
database" because it could lead to some (problematic) confusions.
I didn't check extensively in the docs to see if there actually was such
a warning, particularly because I felt that if there was, it was
probably not prominent enough (or I would have noticed). Sorry if there
was indeed a big warning splattered over the tutorial somewhere.
Greetings,
bb
[1] http://www.postgresql.org/docs/8.2/interactive/installation.html