Re: PostgreSQL cleartext passwords

From: Travis Bauer
Subject: Re: PostgreSQL cleartext passwords
Date:
Msg-id: Pine.GSO.4.21.0005181344050.10695-100000@piccolo.cs.indiana.edu
In reply to: PostgreSQL cleartext passwords  ("David Duddleston" <david@i2a.com>)
List: pgsql-general
One of the nice things about MySQL is a function that can encrypt
passwords for you.  You end up with something like the password scheme in
unix where you can encrypt, but not decrypt, which is good enough for many
purposes.  Once the password is encrypted, it could just be stored as a
plain text field.

There has to be some library which provides a function to encrypt
passwords.  One would just have to write a wrapper for it to make that a
dynamically loaded function in Postgres.  Then you could do something
like:

insert into my_password_table values ('idnum', 'Travis Bauer', encrypt('my password'));

That couldn't be too hard.

----------------------------------------------------------------
Travis Bauer | CS Grad Student | IU |www.cs.indiana.edu/~trbauer
----------------------------------------------------------------

On Thu, 18 May 2000, David Duddleston wrote:

>
>
> I'm currently evaluating PostgreSQL, but this posting regarding passwords
> being stored in cleartext has me a bit concerned. I tried to find more
> information regarding this issue, but with no luck. Could you please share
> your thoughts on this.
>
> -david
>
>
> Date:         Sun, 23 Apr 2000 22:02:45 +0200
> From: Robert van der Meulen <rvdm@CISTRON.NL>
> Subject:      Postgresql cleartext password storage
> To: BUGTRAQ@SECURITYFOCUS.COM
>
> Hi,
>
> While migrating some postgres databases to a different server (including
> user accounts) I noticed the following problem in the way postgres stores
> user passwords:
>
> SmellyCat:/var/postgres/data# strings pg_shadow
> someaccountname
> someaccountpassword
> anotheraccountname
> anotheraccountpassword
> SmellyCat:/var/postgres/data#
>
> This means postgresql stores usernames and passwords, cleartext, in
> pg_shadow.
> pg_shadow (and the other administrative tables) are owned by user postgres,
> and only readable by user postgres, although modifying them through the pgsql
> monitor is usually protected by a password.
>
> The passwords being cleartext, and readable by user postgres (and root,
> of course), allows bypassing the password mechanism, and gives access to all
> databases. (compromising user 'postgres' or reading the pg_shadow file gives
> access to the usernames/passwords)
>
> Of course this came in handy for me, but I think it's not the way it should
> be :)
> I tested this on postgres versions 6.3.2 and 6.5.3, others probably
> experience this problem as well.
>
> This message is mailed to bugtraq, and Cc'd to the postgresql developers.
>
> Greets,
>     Robert van der Meulen/Emphyrio
>
> --
>
> |      rvdm@cistron.nl - Cistron Internet Services - www.cistron.nl        |
> |          php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security             |
> |         My statements are mine, and not necessarily cistron's.           |
>
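An added illustration of the one-way scheme Travis describes above, written here in plain Python with the standard library rather than as a Postgres loadable function; it is not code from this thread or from PostgreSQL. The names hash_password, verify_password, make_table, login and leaks_cleartext, the sample row and the PBKDF2 parameters are all assumptions made for this example. The last function mirrors the `strings pg_shadow` check from the quoted Bugtraq post from the defender's side: after hashing, no stored column value should contain a password as-is.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# PBKDF2-HMAC-SHA256 with a random per-password salt. The result is a
# one-way value in the spirit of Unix crypt(): it can be checked but not
# reversed, so it can live in an ordinary text column.
ALGORITHM = "pbkdf2-sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing hash string: $alg$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"${ALGORITHM}${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the parameters embedded in the stored string."""
    try:
        _, algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iterations))
    except ValueError:
        # Malformed record: wrong field count, bad base64 or a non-numeric count.
        return False
    # Constant-time comparison so timing does not reveal where digests differ.
    return hmac.compare_digest(candidate, expected)


# Constructed stand-in for the my_password_table of the post:
# rows are (idnum, name, stored_hash) and never hold the cleartext.
def make_table(rows):
    return [(idnum, name, hash_password(pw)) for idnum, name, pw in rows]


def login(table, name: str, password: str) -> bool:
    for _, row_name, stored in table:
        if row_name == name:
            return verify_password(password, stored)
    return False


def leaks_cleartext(table, known_passwords) -> bool:
    """Defender's check modelled on 'strings pg_shadow': does any stored
    column value contain one of the given passwords verbatim?"""
    return any(pw in stored for _, _, stored in table for pw in known_passwords)


if __name__ == "__main__":
    table = make_table([("idnum", "Travis Bauer", "my password")])
    print(table[0][2])                                   # the value actually stored
    print(login(table, "Travis Bauer", "my password"))   # True
    print(login(table, "Travis Bauer", "guess"))         # False
    print(leaks_cleartext(table, ["my password"]))       # False
```

Because the salt and iteration count travel with the digest, the stored string is all the verifier needs, and the count can be raised for new rows without breaking old ones; two rows with the same password still get different stored values.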

