Postgres Security Checks: Password Encryption
This test checks whether PostgreSQL passwords are stored encrypted (hashed) or in clear text.
First, check pg_shadow for any clear-text passwords. The query below lists every role whose stored password does not have the shape of an md5 hash ("md5" followed by 32 hex digits, 35 characters in total).
select usename, passwd from pg_shadow
where passwd not like 'md5%' or length(passwd) <> 35;
This query should return no rows. If it does return rows, those passwords are stored in clear text and you should change them.
At the same time, check the password_encryption parameter. It affects the ALTER USER and CREATE USER commands: if neither ENCRYPTED nor UNENCRYPTED is specified in the command, the database encrypts the password according to this parameter.
The value of the password_encryption parameter should be on:
postgres=# show password_encryption;
 password_encryption
---------------------
 on
(1 row)
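As an added example (not part of the original post), the same two checks expressed as a small Python audit run over a constructed pg_shadow result set and a password_encryption value; it is stricter than the query above (it requires lowercase hex after "md5") and also recognises SCRAM-SHA-256 verifiers, which that query would otherwise report as clear text on PostgreSQL 10 and later. The role names, hashes and settings are constructed sample data, not values from any real server.

```python
import re

# Shape of a PostgreSQL md5 password hash: "md5" + 32 lowercase hex digits (35 chars total).
MD5_HASH = re.compile(r"^md5[0-9a-f]{32}$")
# Shape of a SCRAM-SHA-256 verifier as stored by PostgreSQL 10+:
# SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey> (base64 fields).
SCRAM_HASH = re.compile(
    r"^SCRAM-SHA-256\$\d+:[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+$"
)

# Constructed sample rows in the shape of "select usename, passwd from pg_shadow".
SAMPLE_ROWS = [
    ("postgres", "md5" + "0" * 32),                          # md5-shaped hash
    ("app", "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy"),  # SCRAM verifier
    ("legacy", "Secret123"),                                 # clear-text password
    ("svc", None),                                           # role without a password
]


def classify_passwd(passwd):
    """Classify one pg_shadow.passwd value: none, md5, scram-sha-256 or cleartext."""
    if passwd is None:
        return "none"          # no password set; password authentication cannot succeed
    if MD5_HASH.match(passwd):
        return "md5"
    if SCRAM_HASH.match(passwd):
        return "scram-sha-256"
    return "cleartext"         # anything else is what the post's query flags


def audit(rows, password_encryption):
    """rows: iterable of (usename, passwd); password_encryption: value of SHOW password_encryption
    ('on'/'off' on the post's server, 'md5'/'scram-sha-256' on PostgreSQL 10+).
    Returns a list of findings; an empty list means both checks passed."""
    findings = []
    for usename, passwd in rows:
        if classify_passwd(passwd) == "cleartext":
            findings.append(f"role {usename}: password stored in clear text, reset it")
    if password_encryption.strip().lower() in ("off", "false", "0"):
        findings.append("password_encryption is off: new passwords will be stored in clear text")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS, "on") or ["no findings"]:
        print(finding)
```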