Mailing List Archive
tlug.jp Mailing List, tlug archive
Re: [tlug] CentOS using default/blank? password postgres
- Date: Fri, 22 Aug 2008 16:24:38 +0900
- From: Curt Sampson <cjs@example.com>
- Subject: Re: [tlug] CentOS using default/blank? password postgres
- References: <78d7dd350808202324n25d74f01s338bc519e2f964da@mail.gmail.com> <f118b8b90808210337y3972b902uda10adb6e74bd33c@mail.gmail.com> <20080822034650.GB27245@lucky.cynic.net> <f118b8b90808212231j6bbddc9el2adb5add13b8eb7c@mail.gmail.com>
- User-agent: Mutt/1.5.17 (2007-11-01)

On 2008-08-22 14:31 +0900 (Fri), Keith Bawden wrote:

> On Fri, Aug 22, 2008 at 12:46, Curt Sampson <cjs@example.com> wrote:
>
> > I disagree. People, no matter how knowledgeable, will make errors and
> > omissions from time to time, and any properly set up system should fail
> > safe when this is done.
>
> A "properly setup system" is something the system itself cannot know
> exactly - after all what you want out of a DB might be different from
> what I want....

Sorry, I didn't clearly state what I meant by "properly set up." I mean
that the installer is not properly written if the default configuration
is not a safe and secure one. For example, NetBSD, after a default
installation, will boot up but will start no network-listening daemons
at all. This is safe.

> My point was that something blatantly bogus like running without a
> root password set and without informing the person doing the setup
> that this is the case is a bad thing.

Actually, the issue here was not that there was no root password; the
issue is that the default configuration a) allows root logins over the
network, and b) allows password logins. Both of these should be disabled
by default, because they're both dangerous, and so the user should make
a conscious decision to enable them. It would also be good to have
appropriate warnings in the config files where the setting would be
enabled.

> However, my point is _also_ that it helps if the person doing the
> setup either has a bit of knowledge on the subject....

Sure, it's helpful. But I think we both agree that even the most
knowledgeable person will make mistakes once in a while; it's the nature
of humans to do so.

> The system should catch some blatant misconfiguration....

While I agree with that, my actual point was that installs should be
secure by default, with user action required to make them less secure.

cjs
-- 
Curt Sampson <cjs@example.com> +81 90 7737 2974
Mobile sites and software consulting: http://www.starling-software.com