This article explains how to improve security in PostgreSQL by changing the password hashing method from MD5 to scram-sha-256.
PostgreSQL 13 and earlier (including the PostgreSQL 11 release used in the examples below) store passwords as MD5 hashes by default; PostgreSQL 14 changed the default to scram-sha-256. To verify the current setting, log into psql (any role can read this parameter) and run the following command:
show password_encryption;
Changing Password Encryption
Note: when changing the password encryption in PostgreSQL, there are three things to be aware of:
- Any PostgreSQL client or driver used must support scram-sha-256 (libpq 10 or later, and correspondingly recent JDBC, psycopg, and other drivers).
- Changing password_encryption does not convert existing hashes; it only governs how newly set passwords are stored. Every role that authenticates with a password must have its password reset so that a SCRAM verifier replaces the stored MD5 hash. Until then, those roles keep authenticating with MD5.
- The authentication method in pg_hba.conf is separate from password_encryption. With the md5 method the server still accepts MD5-hashed passwords (and transparently uses SCRAM for roles that already have a SCRAM verifier); to actually enforce SCRAM, switch the relevant pg_hba.conf lines to scram-sha-256 once no MD5 hashes remain.
To change the password encryption in PostgreSQL:
Open the PostgreSQL configuration file
vi /var/lib/pgsql/11/data/postgresql.conf
Once the file has been opened, search for the following line (on a fresh install it is commented out with a leading #):
password_encryption =
If it is configured for MD5, change it to scram-sha-256 and make sure the line is uncommented:
password_encryption = scram-sha-256
Once the postgresql.conf file is modified, save and close your editor. password_encryption can be changed at runtime, so reloading the server configuration is sufficient; the full restart shown below also works.
Example for PostgreSQL 11 (the service name follows the major version):
systemctl restart postgresql-11
You can then log back into psql and run show password_encryption; again to verify the change.
Each role's password can now be reset from psql with the \password meta-command. psql hashes the new password according to the server's password_encryption setting and sends only the hash in an ALTER ROLE statement, so the cleartext never appears in the server log or the command history. Prefer this over ALTER ROLE ... PASSWORD 'cleartext', which can leave the password in logs:
\password user_name
After resetting the passwords, confirm that no role still has an MD5 hash: in pg_authid (readable only by superusers), rolpassword begins with md5 for an MD5 hash and with SCRAM-SHA-256$ for a SCRAM verifier. Only then tighten pg_hba.conf to the scram-sha-256 method.
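The steps above, gathered into one shell script as an added example (this is not code from the original article): set_scram rewrites password_encryption in a postgresql.conf, handling the commented-out default, an explicit md5 setting, and a missing line; audit_md5_roles then lists which login roles still carry an MD5 hash once the server has been reloaded. The conf path, the use of the postgres maintenance database, and the mktemp-based demo file are assumptions.

```shell
#!/bin/sh
# Added example: switch password_encryption to scram-sha-256 and audit which
# roles still hold MD5 hashes. Not part of the original article; paths and
# database names are assumptions.
set -eu

# set_scram CONF: make CONF say "password_encryption = scram-sha-256".
# Handles the stock commented line ("#password_encryption = md5"), an
# explicit "password_encryption = md5", or no such line at all (appended).
# Prints the resulting line. Uses a temp file instead of sed -i for portability.
set_scram() {
    conf="$1"
    pattern='^[[:space:]]*#?[[:space:]]*password_encryption[[:space:]]*='
    if grep -Eq "$pattern" "$conf"; then
        tmp="$conf.tmp.$$"
        sed -E "s/${pattern}.*\$/password_encryption = scram-sha-256/" "$conf" > "$tmp"
        mv "$tmp" "$conf"
    else
        printf '%s\n' 'password_encryption = scram-sha-256' >> "$conf"
    fi
    grep -E '^password_encryption[[:space:]]*=' "$conf"
}

# audit_md5_roles: after the server has been reloaded and passwords reset,
# show the hash type stored for every login role. pg_authid is readable only
# by superusers; an MD5 hash starts with "md5", a SCRAM verifier with
# "SCRAM-SHA-256$". Needs a running server and psql on PATH (assumed to
# connect to the "postgres" database as a superuser).
audit_md5_roles() {
    psql -X -At -d postgres <<'SQL'
SELECT rolname,
       CASE WHEN rolpassword LIKE 'md5%'             THEN 'md5'
            WHEN rolpassword LIKE 'SCRAM-SHA-256$%'  THEN 'scram-sha-256'
            WHEN rolpassword IS NULL                 THEN 'no password'
            ELSE 'unknown' END AS hash_type
  FROM pg_authid
 WHERE rolcanlogin
 ORDER BY 1;
SQL
}

# Constructed demo: a throwaway postgresql.conf fragment with the stock
# commented-out default, edited in place. Runs offline; no server needed.
demo_conf="$(mktemp)"
printf '%s\n' '#password_encryption = md5' 'max_connections = 100' > "$demo_conf"
set_scram "$demo_conf"      # prints: password_encryption = scram-sha-256
rm -f "$demo_conf"
```

In production, run set_scram against the real file (for the PostgreSQL 11 layout used in this article, /var/lib/pgsql/11/data/postgresql.conf), reload with systemctl reload postgresql-11 or SELECT pg_reload_conf(); in psql, reset each password with \password, and call audit_md5_roles until no row reports md5; only then change the pg_hba.conf method to scram-sha-256.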