From PostgreSQL 9.x Security Technical Implementation Guide
Part of SRG-APP-000171-DB-000074
Associated with: CCI-000196
The DoD standard for authentication is DoD-approved PKI certificates.
To check if password encryption is enabled, as the database administrator (shown here as "postgres"), run the following SQL: $ sudo su - postgres $ psql -c "SHOW password_encryption" If password_encryption is not on, this is a finding. Next, to identify if any passwords have been stored without being hashed and salted, as the database administrator (shown here as "postgres"), run the following SQL: $ sudo su - postgres $ psql -x -c "SELECT * FROM pg_shadow" If any password is in plaintext, this is a finding.
Note: The following instructions use the PGDATA and PGVER environment variables. See supplementary content APPENDIX-F for instructions on configuring PGDATA and APPENDIX-H for PGVER. To enable password_encryption, as the database administrator, edit postgresql.conf: $ sudo su - postgres $ vi ${PGDATA?}/postgresql.conf password_encryption = on Institute a policy of not using the "WITH UNENCRYPTED PASSWORD" option with the CREATE ROLE/USER and ALTER ROLE/USER commands. (This option overrides the setting of the password_encryption configuration parameter.) As the system administrator, restart the server with the new configuration: # SYSTEMD SERVER ONLY $ sudo systemctl restart postgresql-${PGVER?} # INITD SERVER ONLY $ sudo service postgresql-${PGVER?} restart
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer