crate / crate-python

Python DB API client library for CrateDB, using HTTP.
https://cratedb.com/docs/python/
Apache License 2.0

DQL user verification not implemented? #657

Closed SchabiDesigns closed 3 hours ago

SchabiDesigns commented 3 hours ago

Hello,

I just wanted to add a small user identification feature to my app and noticed that it literally doesn’t matter what you type in as the password! The only thing that matters is the correct username. I conducted some tests to verify this:

Image

And the magic works… 🧙

I am using Python 3.12.7 with crate 1.0.0 dev0.

How can I verify the user in a safe way? Since communication is over HTTP, that seems a bit tricky, doesn't it?

Regards, Schabi

hlcianfagna commented 3 hours ago

Hi, it seems your CrateDB environment may be running with trust authentication. To enforce password controls, we need to define an HBA configuration.
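
For readers of this thread, an added example (not part of the original comments and not taken from the reporter's setup) of what such a host-based authentication (HBA) block in `crate.yml` can look like, with the permissive form beside the corrected one. The entry numbers and the choice to keep trust only for the local `crate` superuser are assumptions made for illustration.

```yaml
# crate.yml -- constructed example, adjust to your deployment.

# Permissive form: a single catch-all entry using the "trust" method.
# Any client is accepted for an existing user name and the supplied
# password is never checked, which matches the behaviour reported above.
#
# auth.host_based.enabled: true
# auth:
#   host_based:
#     config:
#       0:
#         method: trust

# Corrected form: entries are evaluated in ascending order of their key.
auth.host_based.enabled: true
auth:
  host_based:
    config:
      # Entry 0: the built-in superuser may connect without a password,
      # but only from the local machine.
      0:
        user: crate
        address: _local_
        method: trust
      # Entry 99: every other user, from any address, must present a
      # valid password. No "user" or "address" key means "match all".
      99:
        method: password
```

With the `password` method the HTTP client sends the credentials with each request, so they are only protected in transit if the connection itself uses TLS.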

SchabiDesigns commented 3 hours ago

Thanks @hlcianfagna. Nice to know that the problem is sitting in front of my computer.

You probably want to close that topic...

hlcianfagna commented 3 hours ago

No worries