Question: How do you configure password encryption in the postgresql.conf file?
Answer
PostgreSQL provides various settings in its configuration file postgresql.conf to manage database behavior. One important aspect of database security is password encryption. The password_encryption parameter in the postgresql.conf file determines how passwords are encrypted when they are stored in the system catalogs.
Configuring Password Encryption
To configure password encryption, locate your postgresql.conf file (usually found in the data directory of your PostgreSQL installation) and adjust the password_encryption setting. Here's a brief overview of how this can be done:
- Open the postgresql.conf file:
  vim /path/to/your/postgresql/data/directory/postgresql.conf
- Find the password_encryption line or add it if it doesn't exist: In versions prior to PostgreSQL 10, you can set this parameter to on or off, which controls whether passwords are stored as MD5 hashes (on) or in plain text (off). From PostgreSQL 10 onwards, this parameter accepts different methods like scram-sha-256, which offers better security than MD5.
  # For PostgreSQL 10 and above
  password_encryption = 'scram-sha-256' # Recommended method
- Save the changes and close the file.
- Reload the PostgreSQL configuration to apply changes: You can reload the configuration without restarting the server by using the following SQL command:
  SELECT pg_reload_conf();
Applying Changes
After changing the password_encryption parameter, only new passwords or updated passwords will use the new encryption method. Existing passwords are not automatically re-encrypted. To update existing passwords, users should change their passwords after the modification of this setting.
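To find the roles that still need a password change, the following added example (not part of the original answer) classifies each login role's stored hash in the pg_authid catalog by its format. It assumes a superuser session in psql; app_user is a hypothetical role name.

```sql
-- Added example: audit which login roles still carry a hash created
-- before password_encryption was changed.
-- pg_authid is readable by superusers only.
SELECT rolname,
       CASE
           WHEN rolpassword IS NULL                THEN 'no password set'
           WHEN rolpassword LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
           WHEN rolpassword ~ '^md5[0-9a-f]{32}$'  THEN 'md5 (needs reset)'
           ELSE 'unrecognized or plain text (needs reset)'
       END AS stored_as,
       rolvaliduntil                               -- password expiry, if any
FROM pg_authid
WHERE rolcanlogin                                  -- skip group-only roles
ORDER BY stored_as, rolname;

-- Confirm the method that new hashes will use before resetting anything.
SHOW password_encryption;

-- Re-hash one role under the current setting.
-- app_user is a hypothetical role name.
-- \password is a psql meta-command: it prompts for the new password and
-- sends it to the server already hashed, so the cleartext does not end up
-- in the server log or in psql's command history.
\password app_user
```

Run the first query again after the reset; the role should move from the md5 group to the scram-sha-256 group.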
Verifying Your Settings
To ensure your setting has been applied, you can check the current value of password_encryption in the database with:
SHOW password_encryption;
This setup enhances the security of your PostgreSQL installation by ensuring that passwords are not stored in plain text and are protected against various types of attacks.