A few years ago now, still well into the 2000s, I was very naive, especially in terms of IT security.
To cut short a long and painful story that I don't even remember too well: the bottom line is that I installed a FreeBSD server at home with PostgreSQL. Being the naive fool that I was, I had no idea that there was even such a thing as an "SSH tunnel" or anything like it. So I assumed that the only way to connect to my database was to allow remote connections directly to it.
I did not have a "LAN LAN" with internal IP addresses; instead, I had several "real" (external) IP addresses, one for my normal PC and one for the server. That made the problem even more serious.
When setting up the file called "pg_hba.conf", which controls how you can connect to the PostgreSQL database (separate from user accounts or "roles"), I did not read or understand the manual and the comments in the file correctly. For this reason, I interpreted "trust" mode to mean "trust, assuming they give the correct username and password". In reality, it means "trust this username with ANY PASSWORD OR NO PASSWORD AT ALL".
Since I also selected "all IP addresses" (because, even though they were "real" IP addresses, they were not static and sometimes changed), this means that for six months my "secure" server (as I imagined it in my stupid head), with very private and sensitive data, was there for the whole world to connect to freely, as long as they could guess my name (the PG user was very easily guessable), from any IP address, with or without a password.
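As an added illustration (this is example code written for this page, not the author's or PostgreSQL's own), here is a small Python checker that parses a pg_hba.conf and flags exactly this kind of rule: "trust" on an address range that reaches beyond the server's own loopback. The two sample files embedded in it are constructed for the example; the weak one reproduces the mistake described above, the second shows the hardened equivalent (peer for local sockets, scram-sha-256 for remote connections, and the address range narrowed to one specific network). The severities and messages are this example's own choices, not anything PostgreSQL emits.

```python
"""Audit a pg_hba.conf for rules that let clients skip password authentication.

Example code added for this post (not the author's or PostgreSQL's own tool).
Assumption: the file follows the documented pg_hba.conf column layout
  TYPE DATABASE USER [ADDRESS [NETMASK]] METHOD [OPTIONS]
The sample contents below are constructed, not taken from any real server.
"""
import ipaddress
from dataclasses import dataclass

NO_PASSWORD = {"trust"}               # anyone naming the role gets in
WEAK_METHODS = {"password", "md5"}    # cleartext / legacy hash; prefer scram-sha-256
LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


@dataclass
class Rule:
    lineno: int
    conn_type: str   # local, host, hostssl, hostnossl, ...
    database: str
    user: str
    address: str     # CIDR, "all", "samehost", "samenet", hostname; "" for local
    method: str


def _is_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_pg_hba(text: str) -> list[Rule]:
    """Parse pg_hba.conf text into Rule records, skipping comments and blank lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local":           # Unix-socket rules have no ADDRESS column
            if len(fields) >= 4:
                rules.append(Rule(lineno, conn_type, fields[1], fields[2], "", fields[3]))
            continue
        if len(fields) < 5:
            continue
        address, method_idx = fields[3], 4
        # Old-style "IP NETMASK" spans two columns; fold it into CIDR-style notation.
        if _is_ip(address) and len(fields) > 5 and _is_ip(fields[4]):
            address, method_idx = f"{address}/{fields[4]}", 5
        rules.append(Rule(lineno, conn_type, fields[1], fields[2], address, fields[method_idx]))
    return rules


def address_scope(address: str) -> str:
    """Classify who a host rule can match: 'any', 'loopback', 'network' or 'name'."""
    if address == "all":
        return "any"
    if address == "samehost":
        return "loopback"                  # only the server's own addresses
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return "network" if address == "samenet" else "name"   # hostname, resolved at connect time
    if net.prefixlen == 0:                 # 0.0.0.0/0, ::/0 and friends: the whole address space
        return "any"
    if any(net.subnet_of(lo) for lo in LOOPBACK if net.version == lo.version):
        return "loopback"
    return "network"


def audit(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, severity, message) for every risky rule in the file."""
    findings = []
    for r in parse_pg_hba(text):
        if r.conn_type == "local":
            if r.method in NO_PASSWORD:
                findings.append((r.lineno, "medium",
                                 f"any local OS user can become role '{r.user}' without a password"))
            continue
        scope = address_scope(r.address)
        if r.method in NO_PASSWORD:
            if scope == "any":
                findings.append((r.lineno, "critical",
                                 f"role '{r.user}' on '{r.database}' reachable from ANY address with NO password"))
            elif scope != "loopback":
                findings.append((r.lineno, "high",
                                 f"role '{r.user}' reachable from {r.address} with NO password"))
            else:
                findings.append((r.lineno, "medium", f"loopback trust for role '{r.user}'"))
        elif r.method in WEAK_METHODS and scope != "loopback":
            findings.append((r.lineno, "low",
                             f"'{r.method}' for role '{r.user}' from {r.address}; migrate to scram-sha-256"))
    return findings


# Constructed sample: the post's mistake, "trust" for every address.
WEAK_HBA = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 trust
host    all       all   127.0.0.1/32  trust
host    all       all   all           trust          # the line from the story
host    all       all   0.0.0.0/0     md5
"""

# Constructed sample: the same file hardened.
FIXED_HBA = """\
# TYPE  DATABASE  USER  ADDRESS         METHOD
local   all       all                   peer
host    all       all   127.0.0.1/32    scram-sha-256
host    all       all   ::1/128         scram-sha-256
hostssl appdb     app   203.0.113.0/24  scram-sha-256
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_HBA), ("fixed", FIXED_HBA)):
        print(f"--- {label} ---")
        for lineno, sev, msg in audit(text) or [(0, "ok", "no risky rules")]:
            print(f"line {lineno}: [{sev}] {msg}")
```

Run it against a copy of your own pg_hba.conf (audit(open(path).read())) and treat any "critical" finding the way the story above suggests: as a server that has effectively had no authentication at all. The checker deliberately does not look at listen_addresses in postgresql.conf, so a "critical" rule on a server that only listens on localhost is still worth fixing; the day listen_addresses changes, the rule is live.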
It was only after months and months (again, six months seems about right) that I reviewed this file after getting cold feet. It was basically just a "feeling", and it could easily have gone on like this for years and years. To this day, I don't know whether anyone logged in and stole all of the data and is now sitting on it for future blackmail opportunities.
Yes, I was a complete idiot for not reading / understanding. I get it. I even agree. But still, why would such a configuration option even exist? Who would ever want to "trust" someone who merely provides the user name / role, ignoring the password even if a password has been set? It doesn't make sense to me. In my defense, it never occurred to me that anyone would design a system in such a stupid way. Yes, I blame the database software designers to some extent, even if it was not the default configuration. I actively changed it, but why make it possible to do this at all? The manual didn't exactly have a big warning about it, and no message was issued when restarting the database to warn me of this or anything like that.
To this day, it still strikes me that such a configuration was (and probably still is) possible. You don't set a password for it to be bypassed like this. I'm still almost incredulous about it.
Also, even though I have never used it myself, in recent years I have heard horror stories about MongoDB databases allowing the whole world to connect to them freely by default! It goes even further than PostgreSQL and makes my skin crawl just thinking about it. I really feel for those poor fools who trusted this database and configured it thinking, as I did with PG, that it was secure and sane.
Why do they do this? If it is to give some "job security" to database administrators, well, that's a really cruel way to do it. Even though it was largely / mostly my fault, I continue to hold this against the PostgreSQL developers and will never "drop" it mentally. In the case of MongoDB, it looks like they really did it on purpose, because it was the default. I don't understand how they can endanger their users like that, especially without the user even changing the configuration.