密码安全
数据库用户密码默认采用md5加密方式存储,密文或*显示。
highgo=#select usename,passwd,valuntil from pg_user;
usename | passwd | valuntil
---------+----------+------------------------
highgo | ******** |
test | ******** | 2017-04-04 12:48:00+08
a | ******** |
b | ******** |
(4rows)
highgo=#select usename,passwd,valuntil from pg_shadow;
usename | passwd | valuntil
---------+-------------------------------------+-----------------------
highgo | md5614aeb636ab143b790547ce463ec1741 |
test | md505a671c66aefea124cc08b76ea6d30bb | 2017-04-04 12:48:00+08
a | md5039af99d1e9a4b194e0eb800a6f8d018 |
b | md583aeaa4e529325e234e9c5c2e01e6c08 |
(4rows)
pg_user或pg_shadow中,列valuntil值为infinity或空值表示用户密码永不过期;默认为空。
数据库用户密码以密文形式保存是受参数password_encryption控制,默认值为on;使用如下修改方式,设置用户密码为明文保存。
highgo=#alter system set password_encryption =off;
ALTERSYSTEM
highgo=#show password_encryption ;
password_encryption
---------------------
on
(1row)
[highgo@sourcedb data]$ pg_ctl reload
日志: 接收到 SIGHUP, 重载配置文件
日志: 参数"password_encryption"被改为"off"
serversignaled
[highgo@sourcedbdata]$ psql
psql(3.0.2)
Type"help" for help.
highgo=#create user c with password 'ccc';
CREATEROLE
highgo=#select usename,passwd,valuntil from pg_shadow;
usename | passwd | valuntil
---------+-------------------------------------+-----------------------
highgo | md5614aeb636ab143b790547ce463ec1741 |
test | md505a671c66aefea124cc08b76ea6d30bb | 2017-04-04 12:48:00+08
c | ccc |
a | md5039af99d1e9a4b194e0eb800a6f8d018 |
b | md583aeaa4e529325e234e9c5c2e01e6c08 |
(5rows)