Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Greetings, There appears to be some deficiencies in both the documentation of the 'md5' authentication methology in pghba.conf and in the md5 hash generation which is stored in pgshadow. The md5 hash which is generated for and stored in pgshadow does not use a random salt but instead uses the...

Postgresql cleartext password storage

Hi, While migrating some postgres databases to a different server including user accounts i noticed the following problem in the way postgres stores user passwords: SmellyCat:/var/postgres/data strings pgshadow someaccountname someaccountpassword anotheraccountname anotheraccountpassword...

PostgreSQL 6.3.2/6.5.3 - Cleartext Passwords

source: https://www.securityfocus.com/bid/1139/info PostgreSQL is a free RDBMS that is released under a Berkeley style license. PostgreSQL stores passwords for database users in a binary file called pgshadow. This file is readable by root and the postgres user. Unfortunately, these passwords are...

PostgreSQL 6.3.26.5.3 - Cleartext Passwords

PostgreSQL 6.3.26.5.3 - Cleartext Passwords source: https://www.securityfocus.com/bid/1139/info PostgreSQL is a free RDBMS that is released under a Berkeley style license. PostgreSQL stores passwords for database users in a binary file called pgshadow. This file is readable by root and the postgr...