PostgreSQL database user password encryption method

PostgreSQL database user password encryption method: several tables related to user passwords in postgresql: selectusername, passwdfrompg_shadow; selectrolname, rolpasswordfrompg_authid; selectusename, passwdfrompg_user; selectrolname, role

PostgreSQL database user password encryption method first, let's talk about several postgresql tables involving user passwords: select username, passwd from pg_shadow; select rolname, rolpassword from pg_authid; select usename, passwd from pg_user; select rolname, rolpassword from pg_roles ww

PostgreSQL database user password encryption method

First, let's talk about several tables in postgresql that involve user passwords:

Select username, passwd from pg_shadow;

Select rolname, rolpassword from pg_authid;

Select usename, passwd from pg_user;

Select rolname, rolpassword from pg_roles

Www.2cto.com

The first two tables have encrypted password strings, and the passwords stored in the last two tables are ***. We are interested in the first two tables. Through a simple test, we can find that, for the same user, the encrypted string obtained using the same password is the same.

It is generally known that the MD5 method is configured in pg_cmd.conf to access encryption, so the password data stored in the User table should also be md5 encrypted data, but it is unknown how to combine encryption.

Recently, when I read this source code, I found that the postgresql encryption method is md5 (user + passwd.

For example, if the user is test and the password is 123456, the passwd in pg_shadow must be

47ec2dd791e31e2ef2076caf64ed9b3d

You can use select md5 ('test123456') for verification.

Www.2cto.com

With this in mind, we can adjust the source code and improve the encryption method to enhance the security to a certain extent.

I will not tell the average person.