| From: | Jim Nasby <decibel(at)decibel(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Christopher Browne <cbbrowne(at)acm(dot)org>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Bugtraq: Having Fun With PostgreSQL |
| Date: | 2007-06-18 17:09:23 |
| Message-ID: | 1BE7D620-FF6A-4F77-B4A0-ABC78A472FC7@decibel.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Jun 18, 2007, at 12:58 AM, Tom Lane wrote:
> "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
>> Christopher Browne wrote:
>>> That won't help; that would introduce the "embarrassment" of
>>> having a
>>> known default password.
>
>> No it wouldn't unless the packagers set it up to do that. My point is
>> that when a packager (or source) runs initdb, it would prompt for the
>> postgres user password.
>
> Practically every existing packaging of PG tries to run initdb as a
> hidden, behind-the-scenes, definitely not-interactive procedure.
I know there's issues with using ident sameuser via TCP, but what
about for filesystem socket connections?
As for the interactive/non-interactive, we could just leave that as
an option to initdb, and make the default to ask for a password.
Packagers would just need to feed the right option to initdb.
--
Jim Nasby jim(at)nasby(dot)net
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2007-06-18 18:02:51 | Re: GUC time unit spelling a bit inconsistent |
| Previous Message | Tom Lane | 2007-06-18 17:03:34 | Re: GUC time unit spelling a bit inconsistent |