Postgres Security Checks: Password Encryption

This check verifies whether PostgreSQL role passwords are stored as hashes (what PostgreSQL calls "encrypted") or in clear text.

First, query the pg_shadow view (readable only by superusers) for passwords that are not stored as hashes. A hashed entry is the string md5 followed by 32 hex characters, 35 characters in total, so anything that does not match that shape is clear text:

select usename, passwd from pg_shadow
 where passwd not like 'md5%' or length(passwd) <> 35;

This query should return no rows. Every row it does return is a role whose password is stored in clear text; reset those passwords so that they are stored hashed, and do so only after confirming that hashing is enabled, otherwise the new password will be stored in clear text as well.

At the same time, check the password_encryption parameter. It determines whether a password given to CREATE USER or ALTER USER is stored hashed when the command specifies neither ENCRYPTED nor UNENCRYPTED: with the parameter on, the password is hashed; with it off, it is stored in clear text.

The value of password_encryption should be on. (On PostgreSQL 10 and later the parameter takes md5 or scram-sha-256 rather than on/off, and a SCRAM verifier in pg_shadow begins with SCRAM-SHA-256$ instead of md5, so the length-35 test above must be adjusted on those versions.)

postgres=# show password_encryption;
 password_encryption
---------------------
 on
(1 row)
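The two checks above and the remediation they lead to, as one SQL session. This is an added example, not a script from the original post; it goes slightly beyond the post by also recognising SCRAM-SHA-256 verifiers (PostgreSQL 10 and later) and roles with no password at all, and the role name app_user is a placeholder for whichever role the first query flags.

```sql
-- Added example, not from the original post. Run as a superuser:
-- pg_shadow is not readable by ordinary roles.

-- 1. Is hashing enabled for CREATE USER / ALTER USER?
--    Expect 'on' (pre-10) or 'md5' / 'scram-sha-256' (10 and later).
SHOW password_encryption;

-- 2. Classify how each role's password is stored.
--    md5 hash        : 'md5' + 32 hex chars (35 chars total)
--    SCRAM verifier  : starts with 'SCRAM-SHA-256$' (PostgreSQL 10+)
--    NULL            : role has no password (cannot log in with a password)
--    anything else   : clear text, must be fixed
SELECT usename,
       CASE
         WHEN passwd IS NULL                     THEN 'no password'
         WHEN passwd ~ '^md5[0-9a-f]{32}$'       THEN 'md5'
         WHEN passwd LIKE 'SCRAM-SHA-256$%'      THEN 'scram-sha-256'
         ELSE 'CLEAR TEXT'
       END AS storage
FROM pg_shadow
ORDER BY usename;

-- 3. Only the clear-text ones, in the spirit of the post's original query.
SELECT usename
FROM pg_shadow
WHERE passwd IS NOT NULL
  AND passwd !~ '^md5[0-9a-f]{32}$'
  AND passwd NOT LIKE 'SCRAM-SHA-256$%';

-- 4. Remediate. First make hashing the server default so that new
--    passwords are never stored in clear text again (ALTER SYSTEM needs
--    PostgreSQL 9.4+ and a config reload to take effect; on 10+ use
--    'md5' or, preferably, 'scram-sha-256' instead of 'on').
ALTER SYSTEM SET password_encryption = 'on';
SELECT pg_reload_conf();

-- 5. Then reset every flagged role's password. app_user is a placeholder
--    for a role returned by step 3. ENCRYPTED forces hashing regardless of
--    the session setting on pre-10 servers (it is the only behaviour on 10+).
ALTER ROLE app_user WITH ENCRYPTED PASSWORD 'choose-a-new-strong-password';

-- 6. Re-run step 3: it should now return no rows.
```

Note that password_encryption is also settable per session, so a script that sets it to off before an ALTER ROLE will still store clear text even when the server default is on; step 3 is the authoritative check, the parameter only tells you what will happen next time.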
