Password Strength and Complexity in PostgreSQL

PAWAN SHARMA
Feb 24, 2024


Password: As we all know, passwords play a critical role in our lives. We have to manage many passwords across personal and professional work, so sometimes we keep them simple, or reuse the same one, so that they are easy to remember and use whenever we need them.

In the database world, password strength and complexity play a crucial role: we store gigabytes or terabytes of data in Postgres databases, and we all know what happens when that data is exposed to the outside world.

So, as per security standards, we need to keep our passwords strong, complex and secure, so that nobody can easily log in to our databases.

Postgres Authentication: Postgres offers several authentication mechanisms, such as trust, md5, ldap, peer and pam, which authenticate you when you log in to a database. Today we will focus on password/md5 authentication.

What are the basic requirements for a strong password?

A password that meets all of the characteristics below is considered strong:

  1. The password should contain uppercase letters.
  2. The password should contain lowercase letters.
  3. The password should contain special characters.
  4. The password should be alphanumeric (contain both letters and digits).
  5. The password should have at least a defined minimum length, for example 15 characters.

How can we enable these checks?

To enforce the characteristics above, the check has to run when a user/role is created in the Postgres database. The passwordcheck module is one option we can explore and use.

The passwordcheck module checks the password length; if the password is shorter than the defined length, it rejects the creation of that user in the database.

Default minimum password length: 8 characters.

We can change it as per our required security standard, rebuild the module and use it.
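As an added example (not from the original article and not the passwordcheck module's own code), here is a small Python validator that applies the five rules listed above, plus the check that the password does not embed the role name, which passwordcheck also performs. The 15-character minimum and the sample role name `pawan` are assumptions for the demo.

```python
import string

# Assumption for this demo: the article's example minimum of 15 characters.
# (The passwordcheck module ships with a compiled-in minimum of 8.)
MIN_LENGTH = 15


def check_password(password: str, username: str = "") -> list:
    """Return the list of rules the password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    # passwordcheck also rejects a password that contains the role name;
    # compared case-insensitively here (the module compares literally).
    if username and username.lower() in password.lower():
        failures.append("contains the user name")
    return failures


def is_strong(password: str, username: str = "") -> bool:
    """True only when every rule above is satisfied."""
    return not check_password(password, username)


if __name__ == "__main__":
    # Constructed sample passwords; none are real credentials.
    for user, pwd in [("app_ro", "Tr0ub4dor&3xyzAB"),
                      ("app_ro", "Sh0rt!"),
                      ("pawan", "pawan_Secret#2024")]:
        result = check_password(pwd, user) or ["OK"]
        print(f"{user}: {', '.join(result)}")
```

Note that passwordcheck can only apply such rules when the password reaches the server in cleartext; a client that pre-hashes the password before sending it bypasses the content checks.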

How to enable the passwordcheck extension?

Step 1: Build the module.

Step 2: Move the passwordcheck.so file to the Postgres lib directory.

cp /usr/local/pgsql/lib/passwordcheck.so /usr/pgsql-15/lib/
chmod 755 /usr/pgsql-15/lib/passwordcheck.so

Step 3: Set shared_preload_libraries to passwordcheck.

ALTER SYSTEM SET shared_preload_libraries='passwordcheck';

Step 4: Restart the Postgres service.

/usr/pgsql-15/bin/pg_ctl -D /pgdata/data restart
