Re: [HACKERS] TODO list updated
Lamar Owen <lamar.owen@wgcr.org>
From: Lamar Owen <lamar.owen@wgcr.org>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Peter Eisentraut <peter_e@gmx.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2000-01-13T19:47:54Z
Lists: pgsql-hackers
Bruce Momjian wrote: > > * Make postgres user have a password by default > > There's an initdb switch. > OK, now we have to decide if we are going to require this be done as > part of initdb. I am inclined to say the user _has_ to be _prompted_ in > a secure matter for the password as part of initdb. Have a command-line > switch for the password is not secure, IMHO, though it is better than > nothing. > Let's get people's opinions on this, and we can mark it as done. As a packager, and a user, I would like the _option_ of setting a default password using a --prompt-for-password switch. By all means don't make it default to prompting for a password -- there are those who do not need a password on the database superuser account, due to other security measures and connection models (IE, backing a webserver that is handling authentication and pooling connections under a single (nonprivileged) user). -- Lamar Owen WGCR Internet Radio 1 Peter 4:11