From: Bruce Momjian <maillist@candle.pha.pa.us>
> > > I think the original point was that some people use the same or
related
> > > passwords for psql as for their login password.
> >
> > This may sound cold, but isn't that their own problem. I can remmeber
> > being told the first time i needed a passwd "don't reuse this" .
> > There should come a tiem when people take their own security a little
> > more into their own hands, but hey that's just me :)
>
> This may be the issue. If we decided the postgres user has to be able
> to know the password, we are stuck requiring people to use a different
> password for the database if the postgres user is not trusted as much as
> the system owner.
Assuming that people have limited memory, they really have only two
choices - reuse passwords, possibly with some modifications, or write
passwords down. I think the first choice is the lesser evil. There are perfect solutions to the authentication
problem.It's just a
matter of accepting one of these solutions.
Gene Sokolov
