Re: Postgresql security checks

On 1 September 2010 09:54, Machiel Richards <machielr@rdc.co.za> wrote:
> Good day all....
>
>      I hope that someone can help me out with this one question quickly....
>
>       I am busy setting up a security compliance report for one of our
> clients and one of the things to check is the following:
>
> - Check that no password is equal to the user name or some "initial standard
> password" that your company uses.
>
>     Can someone perhaps assist me on how to check this?
>
>
>     I would really appreciate help on this as this is the only method I have
> not figured out yet.

You can find out if this rule is already violated by running:

SELECT usename
FROM pg_shadow
WHERE passwd = 'md5' || md5(usename)
OR passwd = 'md5' || md5('company_password');

I don't think password checks are available until 9.0.

--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935