Set random password if POSTGRES_PASSWORD was not provided

[EugenKon]

Actually this is not required to provide this password. In pg_hba.conf file by default we trust connections via socket, thus user in any time can login and ALTER ROLE postgres. So this is secure and less error prone solution.

[yosifkit]

Sorry for the slow response. I'm not sure I understand the ask, but we don't want to add more magic behavior to the entrypoint at this time.

The user must set a password via POSTGRES_PASSWORD or set POSTGRES_HOST_AUTH_METHOD to trust (very insecure). This is mentioned in the docs from Docker Hub.

[EugenKon]

@yosifkit I mean that by entry we are able to not require POSTGRES_PASSWORD. This ENV could be not mandatory. If not provided the script could just setup random password into it.

Thanks for the link. I do not see any mentions that it is "insecure" there. Even the link from that read me says it could be Ok. https://www.postgresql.org/docs/14/auth-trust.html. Though it looks like it refers to the outdated documentation. Should it be current?

[yosifkit]

We moved to explicitly require a password in #658. We don't want to reverse that with an automatic random password.

trust mode in POSTGRES_HOST_AUTH_METHOD is insecure because it means anyone can connect without a password and get access to the database, so if you expose the PostgreSQL port to the network (like via -p 5432:5432 on docker run or ports: [ "5432:5432" ] in compose.yml) it can and will likely be "hacked".

[EugenKon]

It would be nice to have this mentioned at that document. Thanks.

*I understand this is obvious for experienced users but this could be useful for a new one.