For client applications connecting from trusted private networks, either real or virtual
(VPN), you may use host-based access; that is, if you know that the machine on which the
application is running is not also used by non-trusted individuals. For remote access
over public networks, it may be a better idea to use SSL client certificates.
Getting ready
To see which users have unencrypted passwords, use the following query:
test2=# select usename,passwd from pg_shadow where passwd not like
'md5%' or length(passwd) <> 35;
usename | passwd
----------+--------------
tim | weakpassword
asterisk | md5chicken
(2 rows)
To see users with encrypted passwords, use the following:
test2=# select usename,passwd from pg_shadow where passwd like 'md5%'
and length(passwd) = 35;
usename | passwd
----------+-------------------------------------
bob2 | md518cf038878cd04fa207e7f5602013a36
(1 row)
How to do it...
Having the passwords encrypted in the database is just half of the equation.
The bigger problem is making sure that the users actually use passwords that are hard to
guess. That is, passwords like 'password', 'secret', or 'test' are out, and most common
words are not good passwords either.
If you don't trust your users to select strong passwords, you can write a wrapper application
that checks the password strength and have them use that when changing passwords. There
exists a contrib module for doing so for a limited set of cases (password sent from client to
server in plaintext). Visit the following website for more information:
http://developer.postgresql.org/pgdocs/postgres/passwordcheck.html
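The following is an added example, not from the book, showing why the two queries above test for the 'md5' prefix and a length of 35, and what a wrapper's strength check might look like. The sample rows are constructed from the output shown above; the strength rules are modelled on the plaintext checks of the passwordcheck contrib module (minimum length, no user name, letters plus non-letters) and are an assumption, not a copy of its source.

```python
import hashlib
import re

# Constructed sample rows shaped like the pg_shadow output above: two
# "unencrypted" entries and one real MD5 entry.
PG_SHADOW = [
    ("tim", "weakpassword"),
    ("asterisk", "md5chicken"),
    ("bob2", "md518cf038878cd04fa207e7f5602013a36"),
]

# 'md5' prefix plus 32 lowercase hex digits = 35 characters.
MD5_HASH_RE = re.compile(r"^md5[0-9a-f]{32}$")


def pg_md5_password(username: str, password: str) -> str:
    """Build the value PostgreSQL stores for an MD5-encrypted password:
    the literal prefix 'md5' followed by md5(password || username) as hex.
    The user name acts as a salt, so two users with the same password
    get different stored values."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def is_md5_hashed(passwd: str) -> bool:
    """Same idea as the book's query (prefix 'md5' and length 35), tightened
    to require 32 hex digits, so a plaintext password that merely starts
    with 'md5' (such as 'md5chicken') is still reported as unencrypted."""
    return bool(MD5_HASH_RE.match(passwd))


def unencrypted_users(rows):
    """Equivalent of the first query above: users whose stored passwd
    is not an MD5 hash."""
    return [user for user, passwd in rows if not is_md5_hashed(passwd)]


def password_problems(username: str, password: str):
    """Assumed strength rules for a wrapper application, modelled on the
    passwordcheck contrib module's plaintext checks. Returns the list of
    failed rules (empty when the password passes)."""
    problems = []
    if len(password) < 8:
        problems.append("too short")
    if username in password:
        problems.append("contains user name")
    has_letter = any(c.isalpha() for c in password)
    has_nonletter = any(not c.isalpha() for c in password)
    if not (has_letter and has_nonletter):
        problems.append("must contain both letters and nonletters")
    return problems
```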