Postgres Security Checks: Password Encryption

This test checks whether PostgreSQL passwords are stored in encrypted or clear-text format.

First, check the pg_shadow table for clear-text passwords. The query below does this.

select usename, passwd from pg_shadow
 where passwd not like 'md5%' or length(passwd) <> 35;

This query should return no rows. If it finds any passwords stored in clear text, change those passwords.
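The check above can also be run offline against exported (usename, passwd) rows. The following is an added example, not code from the original page: it implements the page's predicate next to a stricter pattern (md5 followed by exactly 32 hex digits), which goes beyond the page's query and also flags a clear-text value that happens to start with md5 and be 35 characters long. The function names and sample rows are hypothetical and constructed for illustration.

```python
import hashlib
import re

# Stored format of an MD5 password: "md5" + 32 lowercase hex digits (35 chars).
MD5_RE = re.compile(r"md5[0-9a-f]{32}")


def pg_md5(password: str, username: str) -> str:
    """Build the value PostgreSQL stores for an MD5 password: md5(password || username)."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


def page_check_flags(passwd: str) -> bool:
    """The page's predicate: passwd NOT LIKE 'md5%' OR length(passwd) <> 35."""
    return not passwd.startswith("md5") or len(passwd) != 35


def strict_check_flags(passwd: str) -> bool:
    """Stricter variant (an addition): flag anything that is not md5 + 32 hex digits."""
    return MD5_RE.fullmatch(passwd) is None


def audit(rows, check):
    """Return the user names whose stored value the given check flags.

    Rows with a NULL passwd (None) are skipped, as the SQL comparison would skip them.
    """
    return [user for user, passwd in rows if passwd is not None and check(passwd)]


# Constructed sample rows standing in for (usename, passwd) from pg_shadow.
SAMPLE_ROWS = [
    ("alice", pg_md5("constructed-secret", "alice")),  # proper MD5 entry
    ("bob", "bob-plain-password"),                     # clear text
    ("carol", "md5" + "x" * 32),                       # clear text, 35 chars, starts with md5
    ("dave", None),                                    # role without a password
]

if __name__ == "__main__":
    print("page query flags:  ", audit(SAMPLE_ROWS, page_check_flags))
    print("strict check flags:", audit(SAMPLE_ROWS, strict_check_flags))
```
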

At the same time, check the password_encryption parameter. This parameter controls the ALTER USER and CREATE USER commands: if you don't specify ENCRYPTED or UNENCRYPTED in the command, the parameter decides whether the password is encrypted, and with it set to on the database encrypts passwords.

The value of the password_encryption parameter should be on.

postgres=# show Password_encryption;
 password_encryption
---------------------
 on
(1 row)