On Tue, Aug 1, 2023 at 10:13 AM William Edwards <wedwards@xxxxxxxxxxxxxx> wrote:
This allows all local users connecting over TCP to access all databases,
not only the databases that the user is a member of as one might expect.
Proof that user is able to access database that it is not a member of is
below.
Roles do not gain membership in databases. Roles can be granted permissions on databases (mainly CONNECT). And all roles, via PUBLIC, get connect privileges on all databases by default. So the pg_hba.conf entry is not causing something to happen against the wishes of the privileges system.
And yes, this is a usability vs secure-by-default that hasn't seen enough complaint to take on changing the default.
David J.
