| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Pavel Borisov <pashkin(dot)elfe(at)gmail(dot)com> |
| Cc: | noloader(at)gmail(dot)com, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: [OT] Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL |
| Date: | 2023-01-10 22:21:27 |
| Message-ID: | 379034.1673389287@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Pavel Borisov <pashkin(dot)elfe(at)gmail(dot)com> writes:
> Regarding the fact that using weak passwords isn't limited, I think
> anyone can write an extension that limits (or advises against) weak
> passwords based on the author's definition of weakness, like checking
> by dictionary or so. That's the power of Postgres extensibility. I
> don't like an idea that Postgres core should enforce some arbitrary
> things like "weakness".
It's less easy than it sounds, actually, because current best practice
is that the server will never see the cleartext password at all, so
you can't apply the usual litany of weak-password checks. About all
you can do is apply a brute force rainbow attack, which is far from
cheap (although I guess the DBA could run such checks in the background).
Even that might be rendered infeasible if the password is stored as
a SCRAM verifier; I'm not sure about that. Anyway, this is why
contrib/passwordcheck is a development backwater rather than something
people actually use.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2023-01-11 00:39:06 | Re: set_config with is_local parameter true escapes transaction boundaries |
| Previous Message | Andres Freund | 2023-01-10 20:47:11 | Re: Postgres connection growing memory usage over time! This right after the connections in the pool are closed and opened again. |