From: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
---|---|
To: | "Rudi" <rudi(at)oasis(dot)net(dot)au>, <pgsql-sql(at)postgresql(dot)org> |
Subject: | Re: pg_shadow / pg_user |
Date: | 2002-02-07 02:05:37 |
Message-ID: | GNELIHDDFBOCMGBFGEFOIEEMCBAA.chriskl@familyhealth.com.au |
Lists: | pgsql-sql |
Hi Rudi,
In the newly-released Postgres 7.2, the passwords are now MD5 encrypted
(IIRC). I highly suggest upgrading to the new version.
Chris
-----Original Message-----
From: pgsql-sql-owner(at)postgresql(dot)org
[mailto:pgsql-sql-owner(at)postgresql(dot)org]On Behalf Of Rudi
Sent: Thursday, 7 February 2002 9:51 AM
To: pgsql-sql(at)postgresql(dot)org
Subject: [SQL] pg_shadow / pg_user
Hi friends,
I've been learning about security using Pg lately.
Up until last night I thought system user passwords were stored safely away
in pg_user.
So far I haven't been able to get any passwords out, only '*******'.
Then last night I was observing each system table and found that pg_shadow
stores user passwords in clear text.
??
pg_shadow = clear text password
pg_user = hidden password
I guess this means if an intruder gets an appropriate account on the box they
can view all passwords.
I had assumed that system passwords were stored hidden from all eyeballs.
Sort of like Apache storing http passwords in binary form in a db.
Is this how it is?
If so I was thinking I'd like to know if someone tries or succeeds in querying
the pg_shadow table.
I thought maybe to increase the postmaster debug level so that all sql
queries are logged.
Then write a cron job to check this log and email me if it is detected that
a user attempted to or did query
the pg_shadow table.
How does this sound?
Am I totally on track?
Thanks for your time and attention
Kind regards
Rudi.
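
The log check Rudi describes, as an added example that is not part of the original thread: it scans statement logs for references to pg_shadow and reports whether each attempt was denied. It assumes logging with `log_statement = 'all'` and `log_line_prefix = '%m [%p] %u@%d '`; the sample log lines and the function names are constructed for illustration.

```python
import re

# Constructed sample, in the stderr format PostgreSQL writes with
# log_statement = 'all' and log_line_prefix = '%m [%p] %u@%d ' (assumed settings).
SAMPLE_LOG = (
    "2024-01-15 09:40:01.120 UTC [411] rudi@app LOG:  statement: SELECT * FROM orders;\n"
    "2024-01-15 09:41:13.004 UTC [412] webuser@app LOG:  statement: select usename, passwd\n"
    '\tfrom pg_catalog."pg_shadow";\n'
    "2024-01-15 09:41:13.005 UTC [412] webuser@app ERROR:  permission denied for view pg_shadow\n"
    "2024-01-15 09:42:30.530 UTC [409] postgres@app LOG:  statement: SELECT passwd FROM PG_SHADOW WHERE usename = 'rudi';\n"
    "2024-01-15 09:43:02.000 UTC [411] rudi@app LOG:  statement: SELECT 'pg_shadow is a table';\n"
)

HEADER = re.compile(r"^(\S+ \S+ \S+) \[(\d+)\] (\S+)@(\S+) (LOG|ERROR):  (.*)$", re.S)
LITERAL = re.compile(r"'(?:[^']|'')*'")        # SQL string literals
TARGET = re.compile(r"\bpg_shadow\b", re.I)    # bare or "quoted" identifier

def records(text):
    """Join tab-indented continuation lines onto the entry they belong to."""
    out = []
    for line in text.splitlines():
        if line.startswith("\t") and out:
            out[-1] += "\n" + line[1:]
        elif line:
            out.append(line)
    return out

def find_pg_shadow_access(text):
    """Return one dict per logged statement that references pg_shadow."""
    hits, last_hit = [], {}                    # last_hit: backend pid -> its latest hit
    for rec in records(text):
        m = HEADER.match(rec)
        if not m:
            continue
        when, pid, user, db, level, msg = m.groups()
        if level == "LOG" and msg.startswith("statement: "):
            sql = msg[len("statement: "):]
            last_hit.pop(pid, None)            # a new statement ends the previous one
            # Ignore mentions that occur only inside string literals.
            if TARGET.search(LITERAL.sub("''", sql)):
                hit = {"time": when, "user": user, "db": db,
                       "outcome": "executed", "sql": " ".join(sql.split())}
                hits.append(hit)
                last_hit[pid] = hit
        elif level == "ERROR" and pid in last_hit:
            # An error from the same backend right after the statement: it did not complete.
            last_hit.pop(pid)["outcome"] = (
                "denied" if msg.startswith("permission denied") else "failed")
    return hits
```

A cron job would pass in only the part of the log written since its previous run and mail whatever `find_pg_shadow_access` returns.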