Password encryption
Hello,
Is there a way I can encrypt the default password column of db user
password. I know by default the password is encrypted as md5, can we
encrypt that of shadow column for password?
Thanks in advance
On 04/15/2018 05:22 PM, Azimuddin Mohammed wrote:
Hello,
Is there a way I can encrypt the default password column of db user
password. I know by default the password is encrypted as md5, can we
encrypt that of shadow column for password?
Are you talking about this view?:
https://www.postgresql.org/docs/10/static/view-pg-shadow.html
If so that is only readable by superusers:
production=# \c - aklaver
You are now connected to database "production" as user "aklaver".
production=> select * from pg_shadow ;
ERROR: permission denied for relation pg_shadow
production=> \c - postgres
You are now connected to database "production" as user "postgres".
production=# select * from pg_shadow ;
usename | usesysid | usecreatedb | usesuper | userepl |
usebypassrls | passwd | valuntil | useconfig
...
Assuming someone is in your database as a superuser, access to the
password field in pg_shadow is pretty much moot.
Thanks in advance
--
Adrian Klaver
adrian.klaver@aklaver.com
On 04/15/2018 07:22 PM, Azimuddin Mohammed wrote:
Hello,
Is there a way I can encrypt the default password column of db user
password. I know by default the password is encrypted as md5, can we
encrypt that of shadow column for password?
MD5 is a *one-way hash*, not an encryption scheme. Thus, the password
cannot be reverse-computed from the MD5 hash value. So, you're (kinda)
safe, although an attacker could determine the password through brute-force
calculation of hashes.
--
Angular momentum makes the world go 'round.