Re: [tlug] CentOS using default/blank? password postgres

["Keith Bawden" <keith@example.com>]

On Fri, Aug 22, 2008 at 16:24, Curt Sampson <cjs@example.com> wrote:
>> However, my point is _also_ that it helps if the person doing the
>> setup either has a bit of knowledge on the subject....
>
> Sure, it's helpful. But I think we both agree that even the most
> knowledgable person will make mistakes once in a while; it's the nature
> of humans to do so.
>

Hey be fair with your trimming there mate ;-) I totally agree here and
it is why in text that trimmed off I went on to say that a peer review
and some study helps.

I know I make mistakes all the time and rely on my peers for help in
reviewing and providing direction on a near daily basis. I in turn try
and provide the same services to my peers :-)

In the end I pretty much think we are both singing to the same tune.

>> The system should catch some blatant misconfiguration....
>
> While I agree with that, my actual point was that installs should be
> secure by default, with user action required to make them less secure.
>

Yep I too think this is the way to go. Turn close to everything off by
default and make it necessary for the person doing the setup to
actually need to make some decisions. When making these decisions a
bit of RTFMing, A9ning, possibly combined with consulting with peers
would be the way to go at this juncture.

Regards, Keith