Geek Answers Handbook

Postgresql server does not ask for password for remote connections

I found that my posgresql database server is not asking for a password for the postgres user when connecting remotely via pgadmin. I mean, this is when I connect to the remote database server from my local computer via pgAdmin.

I added the password in psql, ALTER USER postgres PASSWORD 'mypassword' .

This is my pg_hba.config file:

 /usr/local/pgsql/bin/psql -qAt -c "show hba_file" | xargs grep -v -E '^[[:space:]]*#' local all all trust host all all 127.0.0.1/32 md5 host all all 0.0.0.0/0 md5 host all all ::1/128 md5

So, I do not quite understand what is happening here.

Can anyone help with this?

Thank you very much.

UPDATE:

If I change:

 local all all trust

to

 local all all md5

Now for local connections (via SSH) a password will be set (no password was previously requested), but remote connections will still be connected without a password.

Sincerely, I tried to connect to this database server using rails from another server without a password, and the rails server started without problems.

RESULT RESULTS HERE FOR CONVENIENCE

The real cause of this problem was the .pgpass file. Mac saved the password locally in the .pgpass file in the user's home folder. Then, every time a user tries to log in without a password, PostgreSQL will send a password for the user.

White paper here

+6
source share
2 answers

Thanks for all the ppl comments and answers!

But the real cause of this problem was the .pgpass file. My Mac saved the password locally in the .pgpass file in my user home folder. Then, every time I try to log in without a password, PostgreSQL will send me a password. So that was the question I had ....

Thanks for the whole answer and comments again!

See here for more details.

+17
source

Reading documentation at Postgresql.org

http://www.postgresql.org/docs/9.2/static/auth-pg-hba-conf.html

I would suggest changing the user field with the names of several users who are allowed to remotely connect:

 host all john,charles 0.0.0.0/0 md5 host all john,charles ::1/128 md5

In addition, for security reasons, I would advise you to study the use of "hostssl", as well as specify the name of the database, which can be accessed remotely:

 hostsll webapp123 john,charles 0.0.0.0/0 md5

And if remote access is available only from certain computers, specify their static IP addresses (if using DHCP, use the mask accordingly.)

 hostsll webapp123 john,charles 1.2.3.4/32 md5

Thus, you only jeopardize the webapp123 database, to what users john and charles can do, and only from computer 1.2.3.4.

As mentioned in the documentation, you can have any number of entries, so if you want to add a test server (i.e. your server at home), you can add one line to make it look like this:

 hostsll webapp123 john,charles 1.2.3.4/32 md5 hostsll webapp123 henry home-ip/32 md5

Without specifying users, you probably allow any user, including without passwords, and one of them is selected and works ...

Of course, I would strongly advise you not to name a user who has administrator rights in your database unless you specify its static IP address.

+1
source

More articles:


All Articles