Hi folks. I'm creating a database using the following command:

createdb -U pablo -W pablotest1

I'm prompted to enter the password to create the DB, and after doing so
the db is created successfully.

However, when I connect to this database via a php script, I can enter
any valid database user, and I can enter anything for the password (or
leave it blank), and I'm still able to connect.

So, each of these connection calls works:

$conn->Connect('localhost','pablo','realpass','pablotest 1');
$conn->Connect('localhost','pablo','','pablotest1');
$conn->Connect('localhost','pablo','abc123','pablotest1' );
$conn->Connect('localhost','bsc','notapass','pablotest1' );
$conn->Connect('localhost','bsc','','pablotest1');

Obviously I'm doing something wrong here, since I don't want scripts to
be able to connect without the proper credentials.

Can anyone give me an idea if I'm executing the createdb command
incorrectly, or if something on the server level might be causing this?

Cheers and TIA,

Pablo

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faqs/FAQ.html

"Pablo Gosse" <gossep (AT) unbc (DOT) ca> writes:
Sounds like you don't have pg_hba.conf configured to demand password
authentication. See
http://www.postgresql.org/docs/7.4/s...ntication.html

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster