Postgres密码安全

密码安全

数据库用户密码默认采用md5加密方式存储，密文或*显示。

highgo=#select usename,passwd,valuntil from pg_user;

 usename | passwd  |        valuntil       

---------+----------+------------------------

 highgo | ******** |

 test   | ******** | 2017-04-04 12:48:00+08

 a      | ******** |

 b      | ******** |

(4rows)

 

highgo=#select usename,passwd,valuntil from pg_shadow;

 usename |               passwd                |        valuntil       

---------+-------------------------------------+-----------------------

 highgo | md5614aeb636ab143b790547ce463ec1741 |

 test   | md505a671c66aefea124cc08b76ea6d30bb | 2017-04-04 12:48:00+08

 a      | md5039af99d1e9a4b194e0eb800a6f8d018 |

 b      | md583aeaa4e529325e234e9c5c2e01e6c08 |

(4rows)

pg_user或pg_shadow中，列valuntil值为infinity或空值表示用户密码永不过期；默认为空。

数据库用户密码以密文形式保存是受参数password_encryption控制，默认值为on；使用如下修改方式，设置用户密码为明文保存。

highgo=#alter system set password_encryption =off;

ALTERSYSTEM

highgo=#show password_encryption ;

 password_encryption

---------------------

 on

(1row)

 

 [highgo@sourcedb data]$ pg_ctl reload

日志:  接收到 SIGHUP, 重载配置文件

日志:  参数"password_encryption"被改为"off"

serversignaled

[highgo@sourcedbdata]$ psql

psql(3.0.2)

Type"help" for help.

highgo=#create user c with password 'ccc';

CREATEROLE

highgo=#select usename,passwd,valuntil from pg_shadow;

 usename |               passwd                |        valuntil       

---------+-------------------------------------+-----------------------

 highgo | md5614aeb636ab143b790547ce463ec1741 |

 test   | md505a671c66aefea124cc08b76ea6d30bb | 2017-04-04 12:48:00+08

 c      | ccc                                 |

 a      | md5039af99d1e9a4b194e0eb800a6f8d018 |

 b      | md583aeaa4e529325e234e9c5c2e01e6c08 |

(5rows)