CODEWITHSUNDEEP
pythondjangopostgresql
mode
mode

Reputation: 133

Incorrect password can access database in django

I create posgresql db user named 'user'. Password: django1234.

And I type the database info in settings.py.

DATABASES = {
'default': {
    'ENGINE': 'django.db.backends.postgresql',
    'NAME': 'test',
    'USER': 'user',
    'PASSWORD': '1q2w3e',
    'HOST': 'localhost',
    'PORT': '5432',
    }
}

The password does not match definitely. However, it can access the 'test DB' when I run the server, which means, I guess, that anyone can access my DB. What is the problem?

Thank you in advance.

Upvotes: 2

Views: 256

Answers (2)

ipaleka
ipaleka

Reputation: 3967

You've probably set the access to trust in your configuration. Check for pg_hba.conf file, on Debian/Ubuntu and for PostgreSQL 10 it's located at /etc/postgresql/10/main/pg_hba.conf (Check directory like "Program Files\PostgreSQL\data" on Windows). Find the following line:

# IPv4 local connections:
host    all             all             127.0.0.1/32            trust

and change it to:

host    all             all             127.0.0.1/32            md5

if your user is a system user too.

Restart your server afterward with sudo systemctl restart postgresql. On Windows that can be done with "Reload configuration" shortcut from the PostgreSQL start menu folder.

Upvotes: 1

alfonso.kim
alfonso.kim

Reputation: 2900

It is most likely that the authentication method for the user test@localhost is trust, meaning that Postgres is not asking for password to accept a connection. Please refer the Postgres documentation for further details.

Upvotes: 0

Related Questions