From: | "David Duddleston" <david(at)i2a(dot)com> |
---|---|
To: | <pgsql-general(at)hub(dot)org> |
Subject: | PostgreSQL cleartext passwords |
Date: | 2000-05-18 18:17:10 |
Message-ID: | NIEDJHCDBNGHNIOELIFFIEKNGAAA.david@i2a.com |
Lists: | pgsql-general |
I'm currently evaluating PostgreSQL, but this posting regarding passwords
being stored in cleartext has me a bit concerned. I tried to find more
information regarding this issue, but with no luck. Could you please share
your thoughts on this?
-david
Date: Sun, 23 Apr 2000 22:02:45 +0200
From: Robert van der Meulen <rvdm(at)CISTRON(dot)NL>
Subject: Postgresql cleartext password storage
To: BUGTRAQ(at)SECURITYFOCUS(dot)COM
Hi,
While migrating some postgres databases to a different server (including
user accounts) I noticed the following problem in the way postgres stores
user passwords:
SmellyCat:/var/postgres/data# strings pg_shadow
someaccountname
someaccountpassword
anotheraccountname
anotheraccountpassword
SmellyCat:/var/postgres/data#
This means postgresql stores usernames and passwords, cleartext, in
pg_shadow.
pg_shadow (and the other administrative tables) are owned by user postgres,
and only readable by user postgres, although modifying them through the pgsql
monitor is usually protected by a password.
The passwords being cleartext, and readable by user postgres (and root,
of course), allows bypassing the password mechanism, and gives access to all
databases. (Compromising user 'postgres' or reading the pg_shadow file gives
access to the usernames/passwords.)
Of course this came in handy for me, but I think it's not the way it should
be :)
I tested this on postgres versions 6.3.2 and 6.5.3; others probably
experience this problem as well.
This message is mailed to bugtraq, and Cc'd to the postgresql developers.
Greets,
Robert van der Meulen/Emphyrio
--
| rvdm(at)cistron(dot)nl - Cistron Internet Services - www.cistron.nl |
| php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security |
| My statements are mine, and not necessarily cistron's. |
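As an added audit check (not part of either message above), the script below classifies constructed pg_shadow password fields so that cleartext entries like the ones shown in the `strings` output can be flagged during a migration or review. The `md5` and `SCRAM-SHA-256` formats it recognises are those of later PostgreSQL releases, not of the 6.x versions discussed; the sample rows, the hex digest and the SCRAM value are constructed placeholders.

```python
import re

# Constructed sample rows in the shape of `SELECT usename, passwd FROM pg_shadow`.
# The first two mimic the 6.x cleartext storage described in the post; the
# next two use the md5 and SCRAM-SHA-256 storage formats of later releases.
SAMPLE_ROWS = [
    ("someaccountname", "someaccountpassword"),
    ("anotheraccountname", "anotheraccountpassword"),
    ("app_ro", "md5" + "0" * 32),  # placeholder digest, not a real hash
    ("scram_user", "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVkS2V5:c2VydmVyS2V5"),
    ("nopass", None),
]

# "md5" followed by 32 hex characters (md5(password || username)).
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
# SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>, base64 fields.
SCRAM_RE = re.compile(
    r"^SCRAM-SHA-256\$\d+:[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+$"
)


def classify(passwd):
    """Return how a single pg_shadow passwd value is stored."""
    if passwd is None or passwd == "":
        return "none"
    if MD5_RE.match(passwd):
        return "md5"
    if SCRAM_RE.match(passwd):
        return "scram-sha-256"
    # Anything that matches no known hashed format is treated as cleartext.
    return "cleartext"


def audit_report(rows):
    """Map each account name to its password storage classification."""
    return {name: classify(pw) for name, pw in rows}


def cleartext_accounts(rows):
    """Names of accounts whose password is stored in cleartext."""
    return [name for name, pw in rows if classify(pw) == "cleartext"]


if __name__ == "__main__":
    for name, kind in audit_report(SAMPLE_ROWS).items():
        print(f"{name}: {kind}")
    print("cleartext accounts:", cleartext_accounts(SAMPLE_ROWS))
```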