Online documentation unclear about authentication defaults
Hi,
After following the postgresql tutorial for setting up a postgresql
server [1] I noticed that I could log in without entering my password.
The documentation did not tell me this (maybe I overlooked it),
even though it does show you how to create roles with passwords. In my
opinion it would be a good idea to include a warning like "the default
installation trusts everybody that can make a connection to the
database" because it could lead to some (problematic) confusions.
I didn't check extensively in the docs to see if there actually was such
a warning, particularly because I felt that if there was, it was
probably not prominent enough (or I would have noticed). Sorry if there
was indeed a big warning splattered over the tutorial somewhere.
Greetings,
bb
[1]: http://www.postgresql.org/docs/8.2/interactive/installation.html
The tutorial indeed neglects warning you about that, but initdb doesn't.
It outputs these lines
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.
Maybe this is not strong enough, or not scary enough?
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
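As an added example (not code from this thread or from PostgreSQL itself): a small checker that parses pg_hba.conf records, reports the "trust" entries that initdb writes when run without -A, and rewrites them to require a password (md5). The sample file is constructed to resemble an initdb default and is not copied from the page.

```python
"""Find 'trust' records in a pg_hba.conf and produce a hardened copy."""
import re

# Constructed sample resembling what initdb writes without -A (not from the page).
DEFAULT_HBA = """\
# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               trust
host    all         all         127.0.0.1/32          trust
host    all         all         ::1/128               trust
"""


def parse_hba(text):
    """Return (type, database, user, address, method) for each record.

    'local' records carry no address; host records give the address either
    as CIDR or, in the older syntax, as separate IP and netmask fields."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        rtype, database, user, rest = fields[0], fields[1], fields[2], fields[3:]
        address = None
        if rtype != "local":
            address = rest.pop(0)
            # Two-field form "10.0.0.0 255.0.0.0": fold the mask into the address.
            if "/" not in address and rest and re.match(r"^[\d.:a-fA-F]+$", rest[0]):
                address = address + "/" + rest.pop(0)
        method = rest[0] if rest else None
        records.append((rtype, database, user, address, method))
    return records


def trust_records(text):
    """Records that let any connecting OS user in without a credential check."""
    return [r for r in parse_hba(text) if r[4] == "trust"]


def harden(text, method="md5"):
    """Rewrite each 'trust' record to the given password method, keeping
    layout and comments; equivalent to having run initdb -A md5."""
    out = []
    for raw in text.splitlines():
        body, sep, comment = raw.partition("#")
        fields = body.split()
        if fields and fields[-1] == "trust":
            idx = body.rstrip().rfind("trust")
            body = body[:idx] + method + body[idx + len("trust"):]
        out.append(body + sep + comment)
    return "\n".join(out) + "\n"
```

Running trust_records() against a live cluster's pg_hba.conf is the check the thread's initdb warning is asking you to do; remember that pg_hba.conf changes take effect only after the server reloads its configuration.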
Hmm,
You are right, I ran initdb a few weeks ago and continued today.
Personally, I would say that it wouldn't be a bad idea to include a
second warning in the documentation nonetheless, just to emphasize it
(or maybe make the initdb message a little more prominent - who knows).
I can imagine that I saw all that output and thought "oh well, I'm
following the tutorial so this won't be very interesting", but maybe
(probably) that's just plain stupid :)
Greetings,
bb
I have updated the documentation to clarify that initdb -A or editing
pg_hba.conf is required if you do not trust local users --- patch
attached.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +