| From: | Thom Brown <thom(at)linux(dot)com> |
|---|---|
| To: | Machiel Richards <machielr(at)rdc(dot)co(dot)za> |
| Cc: | "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: Postgresql security checks |
| Date: | 2010-09-01 09:02:22 |
| Message-ID: | AANLkTi=G8cTEwsP0t0fKk3V5ga9dGFaWwEPjPfkeWrrV@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On 1 September 2010 09:54, Machiel Richards <machielr(at)rdc(dot)co(dot)za> wrote:
> Good day all....
>
> I hope that someone can help me out with this one question quickly....
>
> I am busy setting up a security compliance report for one of our
> clients and one of the things to check is the following:
>
> - Check that no password is equal to the user name or some "initial standard
> password" that your company uses.
>
> Can someone perhaps assist me on how to check this?
>
>
> I would really appreciate help on this as this is the only method I have
> not figured out yet.
You can find out if this rule is already violated by running:
SELECT usename
FROM pg_shadow
WHERE passwd = 'md5' || md5(usename)
OR passwd = 'md5' || md5('company_password');
I don't think password checks are available until 9.0.
--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935
| From | Date | Subject | |
|---|---|---|---|
| Next Message | damien clochard | 2010-09-01 10:35:02 | Re: Database size in specific metrics |
| Previous Message | Machiel Richards | 2010-09-01 08:54:18 | Postgresql security checks |