Authentication over InfluxDB line protocol was added as a feature request for this protocol only and ensures only that clients writing to QuestDB are authenticated before being allowed to send records to tables.
For authenticating over Postgres wire, there is the equivalent of host-based authentication, i.e. in Node.js this looks like:
const { Client } = require("pg")
const start = async () => {
const client = new Client({
database: "qdb",
host: "127.0.0.1",
password: "quest",
port: 8812,
user: "admin",
})
await client.connect()
console.log("Connected")
}
start()
Only one database and one admin user is supported at the moment and you should keep in mind that anyone who can connect to the host using these credentials has database access and can read/write to tables on this host.
If you want to ensure your installation is locked down, you should at a minimum change the default connection credentials specified in the server configuration file (server.conf) such as changing the default username and password, and only enable the protocol(s) that you are reading and writing with.
Depending on where the installation is deployed, you could take steps beyond the QuestDB config itself and whitelist incoming / outgoing network connections (on EC2 for instance) to only allow connections coming from a specific IP, or within a VPC, for example.
If having multiple database users with role-based access is something you really need, feel free to open an issue with a feature request.
edit: It might be worth noting that you can also set the HTTP server to readonly mode which was discussed in another stackoverflow question
