2

I'm able to connect to my local Postgres database, even with a wrong password. Here is how I created a role and a database (I'm on Mac OSX with Postgres 9.3):

psql postgres

CREATE ROLE role_name WITH ENCRYPTED PASSWORD 'role_password' NOSUPERUSER NOCREATEROLE NOCREATEDB LOGIN;

CREATE DATABASE db_name OWNER role_name;

\q

So, when I configure my database.yml file on Rails, using the following:

default: &default
  adapter: postgresql
  encoding: unicode
  pool: 5

development:
  <<: *default
  database: db_name
  username: role_name
  password: this_is_a_wrong_password_ha_ha

and starting the server (rails s), everything works fine: I can create tables with migrations and create/read/update/delete data in it.

I can even do that without giving a role and/or a password.

How can I block access to a database if the role name and role password are not correct? Where I'm wrong? Thanks

Improve this question

1 Answer 1

Reset to default
1

Seems like this is default settings for your /usr/local/var/postgres/pg_hba.conf. It is allow access to DB for any local connections:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Yes @maxd, you're right. my pg_hba.conf is identical to your answer. How can I prevent this? (I mean only a particular user for a particular database)
Just adjust this config and restart Postgres.
reload is good enough, you don't have to restart the database for this type of change.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.