Re: [HACKERS] Re: New pg_pwd patch and stuff

Bruce Momjian <maillist@candle.pha.pa.us>

From: Bruce Momjian <maillist@candle.pha.pa.us>
To: brandys@eng3.hep.uiuc.edu (todd brandys)
Cc: pgsql-hackers@postgresql.org
Date: 1998-01-20T19:53:38Z
Lists: pgsql-hackers
> I agree that we should do the check for the 'World-readable' 
> pg_user and give a warning if someone attempts to assign a password.
> I still think the admin should be given an option in the dbinit script to 
> choose whether or no to run the 'REVOKE'.  At this point it would be easy 
> to inform the admin what the trade-offs are, and we will have his/her 
> undivided attention (They will be more apt to read about it to get past the
> prompt.).
> 
> These changes should not take long to make.  I need to get the current 
> CVS version (I will do so tonight), and I should have the changes 
> (performed and tested) in a day or so.

Sure, why not ask the admin.  Saves him a step when he tries to do the
first password.  I just think we should also check when doing a password
change, which makes sense.

-- 
Bruce Momjian
maillist@candle.pha.pa.us