Re: Postgresql security checks
| От | Thom Brown |
|---|---|
| Тема | Re: Postgresql security checks |
| Дата | |
| Msg-id | AANLkTi=G8cTEwsP0t0fKk3V5ga9dGFaWwEPjPfkeWrrV@mail.gmail.com обсуждение исходный текст |
| Ответ на | Postgresql security checks (Machiel Richards <machielr@rdc.co.za>) |
| Ответы |
Re: Postgresql security checks
|
| Список | pgsql-novice |
On 1 September 2010 09:54, Machiel Richards <machielr@rdc.co.za> wrote:
> Good day all....
>
> I hope that someone can help me out with this one question quickly....
>
> I am busy setting up a security compliance report for one of our
> clients and one of the things to check is the following:
>
> - Check that no password is equal to the user name or some "initial standard
> password" that your company uses.
>
> Can someone perhaps assist me on how to check this?
>
>
> I would really appreciate help on this as this is the only method I have
> not figured out yet.
You can find out if this rule is already violated by running:
SELECT usename
FROM pg_shadow
WHERE passwd = 'md5' || md5(usename)
OR passwd = 'md5' || md5('company_password');
I don't think password checks are available until 9.0.
--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935
В списке pgsql-novice по дате отправления: