
So say you are developing multiple different projects for different clients and want your developers to use postgres on their development machine (i.e. localhost connection in the development environment). Does one add much/anything, from a security point of view, by requiring that each project use a different postgres username and password?

I am asking because, although more security is (of course) always more secure, it also adds complexity to the development environment and I'm wondering if the trade-off is worth it. In particular, the passwords for each postgres will probably be stored in plaintext (e.g. in some yaml or .env file). If some other code was truly malicious, it could just read that file and get the password and gain access no matter what. Also, the data is usually dummy data and low sensitivity.

  • Not really. Just make sure the DB is only reachable via localhost and you're pretty secure. –  Apr 25 '22 at 14:26
  • To add to MechMK1's comment as an extra security measure I would also add it into a Docker container. – Sir Muffington Apr 25 '22 at 19:44
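
One way to check the point raised in the comments, that the database is reachable only via localhost, as an added example that is not part of the original question or comments. It reads PostgreSQL's `listen_addresses` setting and the `host*` rules in `pg_hba.conf` and reports anything not limited to loopback; the config fragments are constructed samples and the function names are hypothetical.

```python
import ipaddress

# Constructed sample config fragments (not from the original post).
POSTGRESQL_CONF = """
#listen_addresses = 'localhost'
listen_addresses = 'localhost, 192.168.1.20'   # constructed: also bound to a LAN address
port = 5432
"""
PG_HBA_CONF = """
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   scram-sha-256
host    all       all   ::1/128        scram-sha-256
host    all       all   0.0.0.0/0      md5
"""

def _is_loopback(addr):
    """True if addr (hostname, IP or CIDR) can only refer to this machine."""
    if addr in ("localhost", "samehost"):
        return True
    try:
        return ipaddress.ip_network(addr, strict=False).is_loopback
    except ValueError:
        return False  # '*', 'all', 'samenet', other hostnames: treat as exposed

def nonlocal_listen_addresses(conf_text):
    """Return listen_addresses entries that are not loopback (assumes 'key = value' form)."""
    value = "localhost"  # PostgreSQL's default when the setting is absent
    for line in conf_text.splitlines():
        key, _, val = line.split("#", 1)[0].partition("=")
        if key.strip() == "listen_addresses":
            value = val.strip().strip("'\"")
    entries = [a.strip() for a in value.split(",")]
    return [a for a in entries if a and not _is_loopback(a)]

def nonlocal_hba_rules(hba_text):
    """Return host* rules in pg_hba.conf whose ADDRESS is not loopback-only."""
    exposed = []
    for line in hba_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0].startswith("host"):
            addr = fields[3]
            # IPv4 "IP  NETMASK" two-column form: fold the mask into the address
            if "/" not in addr and len(fields) >= 6 and fields[4][0].isdigit():
                addr = f"{addr}/{fields[4]}"
            if not _is_loopback(addr):
                exposed.append(" ".join(fields))
    return exposed
```

Both functions return an empty list when the configuration only accepts loopback connections, so a non-empty result is the thing to act on.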

0 Answers