Discussion: Online documentation unclear about authentication defaults


Online documentation unclear about authentication defaults

From
bubblboy
Date:
Hi,

After following the postgresql tutorial for setting up a postgresql
server [1] I noticed that I could log in without entering my password.
The documentation did not tell me this (maybe I overlooked it),
even though it does show you how to create roles with passwords. In my
opinion it would be a good idea to include a warning like "the default
installation trusts everybody that can make a connection to the
database" because it could lead to some (problematic) confusions.

I didn't check extensively in the docs to see if there actually was such
a warning, particularly because I felt that if there was, it was
probably not prominent enough (or I would have noticed). Sorry if there
was indeed a big warning splattered over the tutorial somewhere.

Greetings,
bb

[1] http://www.postgresql.org/docs/8.2/interactive/installation.html

Re: Online documentation unclear about authentication defaults

From
Alvaro Herrera
Date:
bubblboy wrote:
> Hi,
>
> After following the postgresql tutorial for setting up a postgresql
> server [1] I noticed that I could log in without entering my password.
> The documentation did not tell me this (maybe I overlooked it),
> even though it does show you how to create roles with passwords. In my
> opinion it would be a good idea to include a warning like "the default
> installation trusts everybody that can make a connection to the
> database" because it could lead to some (problematic) confusions.
>
> I didn't check extensively in the docs to see if there actually was such
> a warning, particularly because I felt that if there was, it was
> probably not prominent enough (or I would have noticed). Sorry if there
> was indeed a big warning splattered over the tutorial somewhere.

The tutorial indeed neglects warning you about that, but initdb doesn't.
It outputs these lines

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.


Maybe this is not strong enough, or not scary enough?

--
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
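As an added example (not part of this thread and not PostgreSQL's own code), here is a small Python audit that parses pg_hba.conf records and flags the "trust" entries that initdb writes by default, next to the hardened form the reply points to (edit pg_hba.conf, or pass initdb -A). Both sample files are constructed; the column layout follows the 8.2-era format.

```python
# Added example (not from the thread or from PostgreSQL): audit pg_hba.conf
# for the "trust" entries initdb writes by default. Sample files are constructed.

# What initdb produces without -A, in the 8.2-era column layout.
DEFAULT_HBA = """\
# TYPE  DATABASE  USER  CIDR-ADDRESS   METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        trust
"""

# The same file after editing it (or running initdb -A md5): a password is
# now required. On PostgreSQL 10 and later, scram-sha-256 is the better choice.
HARDENED_HBA = """\
# TYPE  DATABASE  USER  CIDR-ADDRESS   METHOD
local   all       all                  md5
host    all       all   127.0.0.1/32   md5
host    all       all   ::1/128        md5
"""


def parse_hba(text):
    """Parse pg_hba.conf records into dicts. 'local' records have no address
    column; host* records do. The two-column "IP netmask" form is not handled."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        want = 4 if fields[0] == "local" else 5  # columns before any options
        if len(fields) < want:
            raise ValueError("pg_hba.conf line %d: too few fields" % lineno)
        records.append({"line": lineno, "type": fields[0], "database": fields[1],
                        "user": fields[2],
                        "address": None if want == 4 else fields[3],
                        "method": fields[want - 1], "options": fields[want:]})
    return records


def trust_records(text):
    """Return the records that admit a client with no credential at all."""
    return [r for r in parse_hba(text) if r["method"] == "trust"]


def report(text):
    """One human-readable line per trust record, for the operator's review."""
    return ["line %d: %s %s via %s" % (r["line"], r["type"], r["user"],
                                       r["address"] or "unix socket")
            for r in trust_records(text)]
```

Run it against the data directory's real pg_hba.conf (read the file into `report`) to see which records still let a local user in without a password.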

Re: Online documentation unclear about authentication defaults

From
bubblboy
Date:
Alvaro Herrera wrote:
> bubblboy wrote:
>> Hi,
>>
>> After following the postgresql tutorial for setting up a postgresql
>> server [1] I noticed that I could log in without entering my password.
>> The documentation did not tell me this (maybe I overlooked it),
>> even though it does show you how to create roles with passwords. In my
>> opinion it would be a good idea to include a warning like "the default
>> installation trusts everybody that can make a connection to the
>> database" because it could lead to some (problematic) confusions.
>>
>> I didn't check extensively in the docs to see if there actually was such
>> a warning, particularly because I felt that if there was, it was
>> probably not prominent enough (or I would have noticed). Sorry if there
>> was indeed a big warning splattered over the tutorial somewhere.
>
> The tutorial indeed neglects warning you about that, but initdb doesn't.
> It outputs these lines
>
> WARNING: enabling "trust" authentication for local connections
> You can change this by editing pg_hba.conf or using the -A option the
> next time you run initdb.
>
>
> Maybe this is not strong enough, or not scary enough?

Hmm,

You are right, I ran initdb a few weeks ago and continued today.
Personally, I would say that it wouldn't be a bad idea to include a
second warning in the documentation nonetheless, just to emphasize it
(or maybe make the initdb message a little more prominent - who knows).
I can imagine that I saw all that output and thought "oh well, I'm
following the tutorial so this won't be very interesting", but maybe
(probably) that's just plain stupid :)

Greetings,
bb

Re: Online documentation unclear about authentication defaults

From
Bruce Momjian
Date:
I have updated the documentation to clarify that initdb -A or editing
pg_hba.conf is required if you do not trust local users --- patch
attached.

---------------------------------------------------------------------------

bubblboy wrote:
> Alvaro Herrera wrote:
> > bubblboy wrote:
> >> Hi,
> >>
> >> After following the postgresql tutorial for setting up a postgresql
> >> server [1] I noticed that I could log in without entering my password.
> >> The documentation did not tell me this (maybe I overlooked it),
> >> even though it does show you how to create roles with passwords. In my
> >> opinion it would be a good idea to include a warning like "the default
> >> installation trusts everybody that can make a connection to the
> >> database" because it could lead to some (problematic) confusions.
> >>
> >> I didn't check extensively in the docs to see if there actually was such
> >> a warning, particularly because I felt that if there was, it was
> >> probably not prominent enough (or I would have noticed). Sorry if there
> >> was indeed a big warning splattered over the tutorial somewhere.
> >
> > The tutorial indeed neglects warning you about that, but initdb doesn't.
> > It outputs these lines
> >
> > WARNING: enabling "trust" authentication for local connections
> > You can change this by editing pg_hba.conf or using the -A option the
> > next time you run initdb.
> >
> >
> > Maybe this is not strong enough, or not scary enough?
>
> Hmm,
>
> You are right, I ran initdb a few weeks ago and continued today.
> Personally, I would say that it wouldn't be a bad idea to include a
> second warning in the documentation nonetheless, just to emphasize it
> (or maybe make the initdb message a little more prominent - who knows).
> I can imagine that I saw all that output and thought "oh well, I'm
> following the tutorial so this won't be very interesting", but maybe
> (probably) that's just plain stupid :)
>
> Greetings,
> bb

--
  Bruce Momjian  <bruce@momjian.us>          http://momjian.us
  EnterpriseDB                               http://www.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
Index: doc/src/sgml/installation.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v
retrieving revision 1.283
diff -c -c -r1.283 installation.sgml
*** doc/src/sgml/installation.sgml    17 Feb 2007 01:26:24 -0000    1.283
--- doc/src/sgml/installation.sgml    19 Feb 2007 18:55:50 -0000
***************
*** 482,487 ****
--- 482,494 ----

     <step>
      <para>
+      Restore your previous <filename>pg_hba.conf</> and any
+      <filename>postgresql.conf</> modifications.
+     </para>
+    </step>
+
+    <step>
+     <para>
       Start the database server, again from the special database user
       account:
  <programlisting>
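Review bot: the new "Restore your previous pg_hba.conf" step would be clearer if it said why the restore matters at this point in the upgrade: the freshly initdb'd cluster comes up with "trust" for local connections (the WARNING quoted earlier in this thread), so until the old file is put back any local user can connect to the new server without a password. A half-sentence such as "the new cluster otherwise trusts all local users" would tie this step to the authentication concern the thread is about.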
***************
*** 1619,1629 ****
      </para>
     </step>

     <step>
      <para>
!      The previous step should have told you how to start up the
!      database server. Do so now. The command should look something
!      like:
  <programlisting>
  /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data
  </programlisting>
--- 1626,1645 ----
      </para>
     </step>

+    <step
+     <para>
+      At this point, if you did not use the <command>initdb</> <literal>-A</>
+      option, you might want to modify <filename>pg_hba.conf</> to control
+      local access to the server before you start it.  The default is to
+      trust all local users.
+     </para>
+    </step>
+
     <step>
      <para>
!      The previous <command>initdb</> step should have told you how to
!      start up the database server. Do so now. The command should look
!      something like:
  <programlisting>
  /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data
  </programlisting>
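Review bot: the added `+    <step` line is missing the closing `>` of the tag; it must read `<step>` to pair with the `</step>` that closes it a few lines later, otherwise the SGML build will fail. The wording of the new step itself matches the initdb warning quoted in the thread ("The default is to trust all local users"); one small style point is that this is the first place the tutorial mentions `-A`, so saying what it takes (an authentication method) would save the reader a trip to the initdb reference page.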