> By default, the ClickHouse server provides the default user account which is not allowed using SQL-driven access control and account management but has all the rights and permissions. The default user account is used in any cases when the username is not defined, for example, at login from client or in distributed queries
This seems... very antiquated as a default? Clickhouse is relatively modern, first released in 2016, long after people were finding unauthenticated MongoDB servers left and right. Why not design it that starting a server requires at least a user-provided password in a config file? And then, even if that password was shared amongst all DeepSeek devs, at least it wouldn't be publicly accessible.
> By default, the ClickHouse server provides the default user account which is not allowed using SQL-driven access control and account management but has all the rights and permissions. The default user account is used in any cases when the username is not defined, for example, at login from client or in distributed queries
This seems... very antiquated as a default? Clickhouse is relatively modern, first released in 2016, long after people were finding unauthenticated MongoDB servers left and right. Why not design it that starting a server requires at least a user-provided password in a config file? And then, even if that password was shared amongst all DeepSeek devs, at least it wouldn't be publicly accessible.