No, but none of the others are better.  See previous discussions in the
archives.  I don't think the situation has changed any since the last
time we hashed this out.

I'll chime in from the phpPgAdmin point of view. The thing with phpPgAdmin is that it breaks the 'localhost' access is safe rule that the existing trust stuff assumes. This is because the most common setup is Apache and PostgreSQL on the same machine.


The situation got SO BAD with being able to just Google for 'phpPgAdmin Login' and then just log straight in as 'pgsql' and no password that since version 3.2 or so we have had "extra login security". That means that by default in phpPgAdmin we disallow any login as the 'pgsql', 'postgres', 'root', or 'administrator' users, and you cannot log into any account without a password.

This has fixed the problem greatly, however we get heaps of people who cannot understand why they cannot log in. Those are the people we save from themselves.

I think that pg_hba.conf should have md5 on all by default, and the -W initdb parameter should be required.

Chris
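
The pg_hba.conf recommendation in the message above, as an added example that is not part of the original thread: a small Python audit that lists every rule still using `trust`, so it can be switched to `md5`. The two sample files and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: trust on local connections, the setup the post
# says is unsafe once a web front end runs on the database host.
WEAK = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        trust
host    all       all   10.0.0.0 255.0.0.0 md5
"""

# Constructed sample: the same rules with md5 on every line.
HARDENED = WEAK.replace("trust", "md5")


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hba(text):
    """Yield (line_no, conn_type, address, method) for each rule.

    Assumption: no quoted names containing '#' or spaces, no @include files.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            if len(fields) >= 4:
                yield line_no, "local", None, fields[3]
        elif fields[0] in ("host", "hostssl", "hostnossl") and len(fields) >= 5:
            # Address is either CIDR/hostname, or an IP followed by a netmask.
            has_mask = len(fields) >= 6 and _is_ip(fields[3]) and _is_ip(fields[4])
            yield line_no, fields[0], fields[3], fields[5 if has_mask else 4]


def trust_rules(text):
    """Return the rules that admit a connection with no password check."""
    return [rule for rule in parse_hba(text) if rule[3] == "trust"]


if __name__ == "__main__":
    for line_no, conn_type, address, _ in trust_rules(WEAK):
        print(f"line {line_no}: {conn_type} {address or '(unix socket)'} uses trust")
```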
