Allow any user to connect to postgres with full permissions? - postgresql

I love postgres.app. It makes it really simple to develop against postgres. I'm configuring a vagrant setup so some of my other developer friends can easily use postgres, however I'd like to enable the same behavior of postgres.app, namely I'd like them to be able to connect using localhost and without having to have a username or password specified. I know it's gotta be possible, but I haven't figured out how yet. Any ideas?
Worst case I can create a super user, since I know the username of vagrant boxes, but if you have any ideas, I'd love to hear 'em.

You can automatically install local instance of PostgreSQL server and preconfigure pg_hba.conf file to have trust entries like this:
# Allow any user on the local system to connect to any database
# with any database user name using Unix-domain sockets
# (the default for local connections):
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
# The same using local loopback TCP/IP connections:
host all all 127.0.0.1/32 trust

Related

In PostgreSQL, how to accept *any* password for the user "postgres"?

I'm working on many projects simultaneously, and some have some passwords defined as default, which can vary along projects. I've got postgresql installed on my (Ubuntu) laptop and of course I'm only using it locally for devving.
I know it's horribly insecure, but I don't expose postgres remotely. So to make things easier I would like the postgresql server to accept ANY password it is given for the postgres user. Is there any way that I could do this?
Set trust for all you local connections in pg_hba.conf like e.g
local all all trust
After editing, restart the postgresql service.

postgresql disable modifying pg_hba to connect

I have a postgresql 11 instance that need to share with the client, it's ok to let the client do whatever they want except the accounts.
if the client modifies the pg_hba.conf, they can connect without password, is there any way to disable pg_hba, making it no way to connect without password?
PS: the client has the host access

PostgreSQL security local (pg_hba.conf )

In PostgreSQL we can just change local md5 to trust in pg_hba.conf. then we can access all data in database using psql without need of password.So anyone can change this line who can access local machine.
So, Is there way to password protect our database even someone change pg_hba.conf to trust
( I want to create offline app and need to protect client database,I need something like ms access, once we set the password it always ask for password )
As long as client has root/administrator acces on the computer you can't do much about pg_hba. You could make it read only but root can overyde anything. You could mount config file on read only file system but this is too complicated.
Solution can be only at database level(not OS or application): crypted data and triggers where you implement supplimentary security.
I don't think postresql is the answer for your requirement, maybe SQLite is the right one.

what's the easiest way to password protect mongodb database for remote user?

I have a mongodb running in my server, for local connections to the db I don't need any password to protect it(that is within the same physical machine, meaning connect to the server thru the 127.0.0.1 ip address).
But I don't want other people in the network be able connect to my database without password, only the authorized user. So I want to do password protection for the remote user.
How to do it?
Right now monogdb does not support authentication mode based on the user location. So that means if you run mongod with --auth that will apply to everyone.
There are no (yet) advanced authentication schemas like IP, protocol source, etc. For now you can only define if the user has read only or write permissions on a database. So basically the only thing mongodb cares is if you typed the right password for the right user.
Personally in all production environment I would recommend to use the secure mode, because even if you allow only connection from a localhost any users who has access to the local server or any malicious script on the host can easily wipe all your data.
The MongoDB Security and Authentication page has information on configuring user authentication and firewall settings.
Note that when you enable password authentication for a database, the authentication requirement will apply to both local and remote users (so you will also need to connect with a password through the local IP).
MongoDb does not offer an easy way to protect the database. I assume this is the reason why there are tens of thousands of mongodb instances on the net that are unprotected for hackers

How can I configure PostgreSQL to use Windows Authentication?

I am trying to setup PostgreSQL and allow only certain Windows users to access the data from the database. Setting up Windows Authentication is Quite easy with MS SQL, but I can't figure out how to set it up in PostgreSQL.
I have gone through the documentation at http://www.postgresql.org/docs/current/static/auth-methods.html
and edited the pg_hba file. But after doing so, the PostgreSQL service fails to start.
Is the Postgresql server running on Windows as well as the clients then you might test with this to see if this works:
host all all 0.0.0.0/0 sspi
Magnus Hagander, a Postgresql developer, elaborates on this:
"All users connecting from the local machine, your domain, or a trusted domain will be automatically authenticated using the SSPI configured authentication (you can enable/disable things like NTLMv2 or LM using Group Policy - it's a Windows configuration, not a PostgreSQL one). You still need to create the login role in PostgreSQL, but that's it. Note that the domain is not verified at all, only the username. So the user Administrator in your primary and a trusted domain will be considered the same user if they try to connect to PostgreSQL. Note that this method is not compatible with Unix clients."
If you mix Unix-Windows then you have to resort to kerberos using GSSAPI which means you have to do some configuration. This article on deploying Pg in Windows environments may perhaps lead you in the right path.
If anyone else encouters this like I did so starting from 9.5 you wil need to add an optional parameter both to the ipv4 and ipv6 in order for this to work
include_realm=0
so the whole thing will look like
host all your_username 127.0.0.1/32 sspi include_realm=0