2

I create posgresql db user named 'user'. Password: django1234.

And I type the database info in settings.py.

DATABASES = {
'default': {
    'ENGINE': 'django.db.backends.postgresql',
    'NAME': 'test',
    'USER': 'user',
    'PASSWORD': '1q2w3e',
    'HOST': 'localhost',
    'PORT': '5432',
    }
}

The password does not match definitely. However, it can access the 'test DB' when I run the server, which means, I guess, that anyone can access my DB. What is the problem?

Thank you in advance.

Improve this question
1
  • What is in pg_hba.conf file? If it doesn't require a password (trust, peer, etc.), then you can connect without one (or with a wrong one) Commented Sep 6, 2019 at 15:06

2 Answers 2

Reset to default
1

You've probably set the access to trust in your configuration. Check for pg_hba.conf file, on Debian/Ubuntu and for PostgreSQL 10 it's located at /etc/postgresql/10/main/pg_hba.conf (Check directory like "Program Files\PostgreSQL\data" on Windows). Find the following line:

# IPv4 local connections:
host    all             all             127.0.0.1/32            trust

and change it to:

host    all             all             127.0.0.1/32            md5

if your user is a system user too.

Restart your server afterward with sudo systemctl restart postgresql. On Windows that can be done with "Reload configuration" shortcut from the PostgreSQL start menu folder.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

It is most likely that the authentication method for the user test@localhost is trust, meaning that Postgres is not asking for password to accept a connection. Please refer the Postgres documentation for further details.

Improve this answer

1 Comment

Thank you for your help!

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.