Hassen

Reputation: 7654

I can access postgres database on Rails even with a wrong password

I'm able to connect to my local Postgres database, even with a wrong password. Here is how I created a role and a database (I'm on Mac OSX with Postgres 9.3):

psql postgres

CREATE ROLE role_name WITH ENCRYPTED PASSWORD 'role_password' NOSUPERUSER NOCREATEROLE NOCREATEDB LOGIN;

CREATE DATABASE db_name OWNER role_name;

\q

So, when I configure my database.yml file on Rails, using the following:

default: &default
  adapter: postgresql
  encoding: unicode
  pool: 5

development:
  <<: *default
  database: db_name
  username: role_name
  password: this_is_a_wrong_password_ha_ha

and start the server (rails s), everything works fine: I can create tables with migrations and create/read/update/delete data in them.

I can even do that without giving a role and/or a password.

How can I block access to a database if the role name and role password are not correct? Where am I wrong? Thanks

Upvotes: 2

Views: 981

Answers (1)

Maxim

Reputation: 9961

Seems like this is the default setting in your /usr/local/var/postgres/pg_hba.conf. It allows access to the DB for any local connection:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust

Upvotes: 1
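
The effect of the rules quoted in the answer can be checked offline. The Ruby sketch below is an added example, not part of the answer or of PostgreSQL: it parses a simplified subset of pg_hba.conf (only `local` and `host` records with CIDR addresses, names either literal or `all`) and applies the first-match rule PostgreSQL uses. The helper names and the md5 variant of the file are assumptions made for illustration.

```ruby
require "ipaddr"

# Constructed sample: the three rules quoted in the answer above.
TRUST_HBA = <<~HBA
  local   all  all                 trust
  host    all  all  127.0.0.1/32   trust
  host    all  all  ::1/128        trust
HBA

# Constructed variant (assumption): same rules with password (md5) authentication.
MD5_HBA = TRUST_HBA.gsub("trust", "md5")

Rule = Struct.new(:conn, :database, :user, :address, :auth)

# Parse pg_hba.conf text into rules, dropping comments and blank lines.
def parse_hba(text)
  text.each_line.map { |l| l.sub(/#.*/, "").split }.reject(&:empty?).map do |f|
    f[0] == "local" ? Rule.new(f[0], f[1], f[2], nil, f[3]) : Rule.new(*f[0, 5])
  end
end

def name_match?(field, name)
  field.split(",").any? { |n| n == "all" || n == name }
end

def cidr_include?(cidr, ip)
  IPAddr.new(cidr).include?(IPAddr.new(ip))
rescue ArgumentError # malformed address or mismatched address family
  false
end

# The first matching record decides; address: nil means a Unix-socket connection.
def matching_rule(rules, database:, user:, address: nil)
  rules.find do |r|
    next false unless name_match?(r.database, database) && name_match?(r.user, user)
    address.nil? ? r.conn == "local" : (r.conn == "host" && cidr_include?(r.address, address))
  end
end

# True when the connection is admitted with no password check at all.
def passwordless?(rules, **conn)
  rule = matching_rule(rules, **conn)
  !rule.nil? && rule.auth == "trust"
end

if __FILE__ == $PROGRAM_NAME
  rules = parse_hba(TRUST_HBA)
  puts passwordless?(rules, database: "db_name", user: "role_name")
end
```

With no host in database.yml the connection goes over the Unix socket, so the `local` record is the one that matches; a connection that matches no record is rejected.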
