Re: [tlug] CentOS using default/blank? password postgres

["Keith Bawden" <keith@example.com>]

On Fri, Aug 22, 2008 at 12:46, Curt Sampson <cjs@example.com> wrote:
> On 2008-08-21 19:37 +0900 (Thu), Keith Bawden wrote:
>
>> Whilst I agree it is an oversight for the end user to not have been
>> informed, and for the thing to automatically run without a password
>> being set. I also think the user/admin should have had a bit more
>> nouse, or at least asked for some advice when putting a service like
>> this on a network...
>
> I disagree. People, no matter how knowledgable, will make errors and
> omissions from time to time, and any properly set up system should fail
> safe when this is done.
>

A "properly setup system" is something the system itself cannot know
exactly - after all what you want out of a DB might be different from
what I want, which in turn may be totally different from what a
package maintainer thinks we all want et cetera. Also I thought we
were not talking about a "properly setup system". That is, I thought
we were talking about how to "properly" setup a system.

My point was that something blatantly bogus like running without a
root password set and without informing the person doing the setup
that this is the case is a bad thing. However, my point is _also_ that
it helps if the person doing the setup either has a bit of knowledge
on the subject, or has the ability to find that knowledge before hand,
or has a peer that can review the deployment. Ideally the person would
have at least 2 or all of these traits - existing knowledge, ability
to gain knowledge, and the ability to ask for help/advice/review when
needed.

So I pretty much agree with you. The system should catch some blatant
misconfiguration,  with the proviso that the person doing the setup
takes some ownership of the task at hand and not expect the software
to be responsible for every decision to be made.

Regards, Keith