How is pg_hba.conf different from postgresql.conf?

B

beduin012015-09-27 20:27:09

PostgreSQL

beduin01, 2015-09-27 20:27:09

And there and there there are points regarding the hosts allowed to connect. Question. What is the point? Why are they conditionally duplicated?
The second question is whether it is necessary to restart the service after changing the configuration. I just met mentions of what is needed, but it seems like pg_hba.conf changes are picked up anyway.
Why can I connect to a remote host _without_ specifying a password with the following line:
>psql -U postgres -h 5.203.12.11 -p 5432 testdb1
>psql (9.4.3, server 9.3.9)
>testdb1=#
pg_hba.conf has the following content and explicitly requires passwords:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
host all all 0.0.0.0/0 password
# IPv4 local connections:
host    all             all             127.0.0.1/32            password
# IPv6 local connections:
host    all             all             ::1/128                 md5

PS I changed the IP to which I am connecting to a random one. I'm afraid that someone will be able to connect to the database without a password just like me.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vlad Zhivotnev, 2015-09-27
@inkvizitor68sl

> has the following content and explicitly requires passwords:
Are you sure this is the whole hba? Are you sure there is nothing about 127.0.0.1 in there?
Are you sure that the hba you are looking at is being used? I also butted with a similar problem the other day, it turned out that in postgresql.conf in /etc/, the hba lying nearby is clearly sewn up.