PG_PWD and PG_PASSWORD Security

Started by Anthony Metzidis about 25 years ago, 2 messages, general
#1 Anthony Metzidis
metzidis@mednet.ucla.edu

Hi,

When I run CREATE USER testuser WITH PASSWORD 'mypassword'; I see an entry
in PG_PWD with the password 'mypassword' in plaintext.

In my pg_hba.conf I have all hosts using 'password' authentication with no
file argument. Is there any way to keep postgres from saving the passwords
in plain text? This seems to be a huge security hole. I thought that
passwords were to be saved in PG_SHADOW. What is PG_SHADOW for anyway?

If you have an answer, can you please cc: my email?

Thanks.

--tony

postgresql 7.0.3

#2 Peter Eisentraut
peter_e@gmx.net
In reply to: Anthony Metzidis (#1)
Re: PG_PWD and PG_PASSWORD Security

Anthony Metzidis writes:

> Is there any way to keep postgres from saving the passwords in plain
> text?

No.

> This seems to be a huge security hole.

No, because the directory that contains these files shouldn't be world
readable. The issue has been noted though, but no one has implemented a
better solution yet.

> I thought that passwords were to be saved in PG_SHADOW. What is
> PG_SHADOW for anyway?

Pg_shadow is the system catalog table that stores the user information,
such as user name and password. The pg_pwd file is a plain text dump of
pg_shadow, which is necessary because at the time the password is needed
(during the connection attempt), the system can't read the pg_shadow table
yet (because it's not connected yet, sort of).

--
Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
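The protection Peter relies on is that the data directory holding pg_pwd is not world readable. The following is an added example, not code from the thread or from PostgreSQL itself: a small POSIX shell audit that checks the data directory and its pg_pwd file are readable only by their owner. It assumes the 7.0.x layout where pg_pwd sits directly under the data directory; the directory path is passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): audit that a PostgreSQL 7.0.x data
# directory and the pg_pwd file inside it are readable only by their owner.
# Assumption: pg_pwd lives directly under the data directory passed in.

# Return 0 if the group and other permission bits of a path are all off,
# 1 if any are set or the path does not exist. Parses ls -ld output so it
# works on both GNU and BSD userlands (stat flags differ between them).
owner_only() {
    path="$1"
    [ -e "$path" ] || return 1
    # ls -ld prints e.g. "drwx------ ..."; columns 5-10 are group+other bits
    bits=$(ls -ld "$path" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Audit a data directory: the directory itself and pg_pwd must both be
# owner-only. Prints one line per path and returns the number of problems,
# so 0 means the setup matches the advice given above.
audit_pgdata() {
    pgdata="$1"
    problems=0
    for f in "$pgdata" "$pgdata/pg_pwd"; do
        if owner_only "$f"; then
            echo "ok:   $f"
        else
            echo "WARN: $f is missing or readable by group/other"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Run it as the database owner with `audit_pgdata "$PGDATA"`; a non-zero exit means at least one path exposes the plaintext password file.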