Thread: Creating DB with pass, but pass not required to connect

Creating DB with pass, but pass not required to connect

From

"Pablo Gosse"

Date:

09 November 2004, 23:00:11

Hi folks.  I'm creating a database using the following command:

createdb -U pablo -W pablotest1

I'm prompted to enter the password to create the DB, and after doing so
the db is created successfully.

However, when I connect to this database via a php script, I can enter
any valid database user, and I can enter anything for the password (or
leave it blank), and I'm still able to connect.

So, each of these connection calls works:

$conn->Connect('localhost','pablo','realpass','pablotest1');
$conn->Connect('localhost','pablo','','pablotest1');
$conn->Connect('localhost','pablo','abc123','pablotest1');
$conn->Connect('localhost','bsc','notapass','pablotest1');
$conn->Connect('localhost','bsc','','pablotest1');

Obviously I'm doing something wrong here, since I don't want scripts to
be able to connect without the proper credentials.

Can anyone give me an idea if I'm executing the createdb command
incorrectly, or if something on the server level might be causing this?

Cheers and TIA,

Pablo

Re: Creating DB with pass, but pass not required to connect

From

Tom Lane

Date:

10 November 2004, 00:38:38

"Pablo Gosse" <gossep@unbc.ca> writes:
> However, when I connect to this database via a php script, I can enter
> any valid database user, and I can enter anything for the password (or
> leave it blank), and I'm still able to connect.

Sounds like you don't have pg_hba.conf configured to demand password
authentication.  See
http://www.postgresql.org/docs/7.4/static/client-authentication.html

            regards, tom lane