Re: [HACKERS] TODO list updated

Lamar Owen <lamar.owen@wgcr.org>

From: Lamar Owen <lamar.owen@wgcr.org>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Peter Eisentraut <peter_e@gmx.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2000-01-13T19:47:54Z
Lists: pgsql-hackers
Bruce Momjian wrote:
> > * Make postgres user have a password by default

> > There's an initdb switch.
 
> OK, now we have to decide if we are going to require this be done as
> part of initdb.  I am inclined to say the user _has_ to be _prompted_ in
> a secure matter for the password as part of initdb.  Have a command-line
> switch for the password is not secure, IMHO, though it is better than
> nothing.
 
> Let's get people's opinions on this, and we can mark it as done.

As a packager, and a user, I would like the _option_ of setting a
default password using a --prompt-for-password switch.

By all means don't make it default to prompting for a password -- there
are those who do not need a password on the database superuser account,
due to other security measures and connection models (IE, backing a
webserver that is handling authentication and pooling connections under
a single (nonprivileged) user).

--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11