I have the following problem. I created a PostgreSQL user app with this statement:
CREATE USER app WITH ENCRYPTED PASSWORD 'qwerty';
Then I gave it some privileges in my database bazy.
Then I access the database by authenticating as this user and using the pg module like this:
const { Pool } = require('pg');
(async function() {
  let pool = new Pool({
    user: "app",
    host: 'localhost',
    database: "bazy",
    password: "BS",
    port: 5432
  });
  let client = await pool.connect();
  let { rows } = await client.query("SELECT 'I love you';");
  console.log(rows);
})();
The problem is that this works and gives this output:
[ { '?column?': 'I love you' } ]
But this should not work, for the password of the user is qwerty, not BS. And the thing is that any password works here.
What have I done wrong?
[EDIT]
The answer of @mike.k is 100% helpful.
The (almost entirely) uncommented part of the pg_hba.conf file, which we can find by following these instructions, looks like this:
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     trust
host    replication     all             127.0.0.1/32            trust
host    replication     all             ::1/128                 trust
We can see here that no password is required for any of the connection types listed here, for the method trust means that we are not required to give any password in order to connect as those users (it is obviously ignored). In order to change that, we can use the method password, md5 or scram-sha-256 instead, as is said in the pg_hba.conf file:
# Note that "password" sends passwords in clear text; "md5" or
# "scram-sha-256" are preferred since they send encrypted passwords.
To be honest, I don't know where exactly I should change it, though. ¯\_(ツ)_/¯ So I changed all of them (all of the methods, to password) and it worked :) It requires passwords now.
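An added example, not part of the original post: a small checker that shows which pg_hba.conf record governs a given connection and which records use `trust` or `password`. The pg client above connects over TCP to localhost, so its connection arrives from 127.0.0.1 or ::1 and is decided by a `host` record, not the `local` one. The function names and the sample file are constructed for illustration; the matcher assumes only the `all` keyword, plain names, IPv4 CIDR and exact IPv6 addresses.

```javascript
// Constructed pg_hba.conf text (not the asker's file): IPv4 loopback still "trust".
const SAMPLE = `
# TYPE  DATABASE     USER  ADDRESS        METHOD
local   all          all                  trust
host    all          all   127.0.0.1/32   trust
host    all          all   ::1/128        scram-sha-256
host    replication  all   127.0.0.1/32   trust
`;

// Parse records, skipping comments and blanks; "local" records have no ADDRESS column.
function parseHba(text) {
  return text.split('\n').flatMap((raw, i) => {
    const f = raw.replace(/#.*/, '').trim().split(/\s+/);
    if (f[0] === '') return [];
    const [type, database, user] = f;
    const [address, method] = type === 'local' ? [null, f[3]] : [f[3], f[4]];
    return [{ line: i + 1, type, database, user, address, method }];
  });
}

const ip4 = s => s.split('.').reduce((n, o) => n * 256 + Number(o), 0);
// IPv4 CIDR match; IPv6 is compared as an exact string only (simplification).
function addrMatches(cidr, addr) {
  if (cidr === 'all') return true;
  const [net, bits] = cidr.split('/');
  if (net.includes(':') || addr.includes(':')) return net === addr;
  const size = 2 ** (32 - Number(bits));
  return Math.floor(ip4(net) / size) === Math.floor(ip4(addr) / size);
}

const nameMatches = (field, name) => field.split(',').some(v => v === 'all' || v === name);

// PostgreSQL uses the first record that matches; no match means the connection is rejected.
function firstMatch(rules, conn) {
  return rules.find(r => r.type === conn.type &&
    nameMatches(r.database, conn.database) && nameMatches(r.user, conn.user) &&
    (r.type === 'local' || addrMatches(r.address, conn.address))) || null;
}

// "trust" skips authentication; "password" sends the password in clear text.
const weakRules = rules => rules.filter(r => ['trust', 'password'].includes(r.method));

const rules = parseHba(SAMPLE);
const app = { type: 'host', database: 'bazy', user: 'app' };
for (const address of ['127.0.0.1', '::1']) {
  const r = firstMatch(rules, { ...app, address });
  console.log(address, '->', r ? `line ${r.line}: ${r.method}` : 'rejected');
}
console.log('weak records on lines', weakRules(rules).map(r => r.line));
```

With the constructed sample, the same application is password-checked when it connects over ::1 but not over 127.0.0.1, which is why every record that can match the connection has to be changed.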