pgcrypto keeps visible the private key on the logs? - postgresql

Somebody told me it could be possible if i use pgcrypto pgp_pub_decrypt() function with my queries the logs will reveal the secret key used to decrypt my data
SELECT pgp_pub_decrypt(string_to_decrypt, private_key)
I can not check that because i dont have access to the logs, but if this is true, from my point of view this should be considered as a security issue. Is this true?

Yes, this is true. Assuming you are logging statements.
It is also probably visible in pg_stat_activity to a superuser who is looking at the right moment.
Of course, a superuser could also install an extension to secretly log just crypto-related function calls, that's the nature of having superuser access.
If you don't control the server your database is running on and don't trust the people who do, then you shouldn't store sensitive information in it.

Related

How to turning off logging for certain postgres function calls

I have a couple of functions (login, reset-password) implemented as functions. Is it possible to make sure that these functions are not logged by either postgres itself or any extensions that may be installed?
You cannot absolutely eliminate the possibility of logging parameters. Your log files should only be readable by people you really trust (generally the same people who have superuser on the database). Also, you might consider reading the salt and hash from the database and doing the rehashing and comparison in the app server, rather than sending the password in the clear to the database.

Does PostgresSQL have any default password policy?

I've looked around and haven't found the basic Password requirements, if any, for PostgreSQL. That is, chars allowed, length, casing, etc...
Will someone please point me to these, if they exist?
Thanks
The best you can do on the server is to use the passwordcheck contrib module. You probably have to hack it up to fix your needs.
However, that won't be able to enforce password policies in general, because the server never sees the clear text password unless you change it with
ALTER ROLE xy PASSWORD 'clear_text';
which is not recommended. Changing the password with tools like psql's \password command will hash the password before it is sent to the server, so the server cannot enforce any password rules.
You would have to check the password on the client, but naturally the client is not under your control, unless you restrict severely what people can do on their machines (and people usually find ways around such restrictions).
So there is really no way to do what you want.
What you can do is enable cracklib in the passwordcheck module and this way test the hashed passwords against a dictionary.
For good security, use something like LDAP or Kerberos authentication and implement your password policy there.

PostgreSQL only clear user password

I am having a big problem, quite difficult to find/search.
I have a server in Ubuntu, where inside that server I have installed:
GITLAB (have all proyect)
POSTGRESSQL (Independent gitlab database is used for a personal project)
TOMCAT with APP WEB (Springboot, this use postgres)
This server is still for testing, it is used for specific specific things (I mean, its use and access is limited and controlled)
I am having various problems:
This server is still for testing, it is used for specific specific things (I mean, its use and access is limited and controlled)
Very frequently, almost every day, the user postgres from the postgresql server "erases" the password. Without anyone doing it manually, "it happens exponentially". I notice why the application stops responding, and then I access postgresql and note that the postgres user has no password.
I looked for many places, and I can't find anything. I really don't know where else to look. If someone passed it to you or has information about it, I would be grateful if you could provide it to me.
------More information added----------
I was looking at the postgres logs, before I have no authentication and I see this.
There are times when no one could have been using the springboot server,
--2020-01-17 00:30:21.286
And also the two log that show before that moment. Could it be something that is deleting my password?
Thank you.
PostgreSQL does not randomly delete its own passwords, and I really doubt Tomcat or Gitlab do either. Indeed they shouldn't even have access to the server as the 'postgres' user or any other superuser, and so shouldn't be able to even if they wanted.
It seems like that there is an intruder in your system. After gaining access they create their own user with their own password. Then disabling your normal superuser from logging on is a common way to try to prevent you from regaining control and kicking them out. Do any users exist that you do not recognize?
The bit of the log file you posted clearly shows someone trying to guess your password, starting at 2:58. You aren't logging IP addresses (%h) so it doesn't show where they are coming from. It doesn't show that they succeed, but unless you have log_connections = on, it wouldn't show successes.

DB2 user delete at OS level

If the DB2 uses OS authentication and I delete a DB2 user at the OS level, what will be the impact? Will the DB2 still work fine, and will those privileges that I granted to the user still available after the user is created back?
When asking for help with Db2 please mention your Db2-server platform (Z/os , i-series, Linux/Unix/Windows). The reason is that the answer be different per platform. There are also special tags for your question that you can use to indicate the Db2-platform (db2-zos, db2-400, db2-luw).
If you remove the operating system user the impact is that user can no longer connect to the Db2-database(s) . But any GRANTS that were previously created and stored inside the database(s) will remain unchanged (unless something REVOKES them), even if they will not be used after all pre-existing connections by that removed-operating-system-user are terminated.
For Db2-Linux/Unix/Windows, if you recreate the user in the operating system the previous GRANTS will reapply only if they are still present inside the database and the user successfully reconnects. This behaviour may be different on other platforms.
If the Db2-server is configured with special plugins for security, or uses LDAP or other external tooling then the answer can also be different.

pg_terminate_backend - how to enable its execution by a non-superuser?

I'm writing a function that kills all current operations running on the server, however, pg_terminate_backend only allows superusers to execute it. I've searched around but have failed to find a concrete solution or lead regarding this.
Is it actually possible granting a certain user permission to execute it without making that user a superuser?
Furthermore, I've managed to find some information about people using security definers. I've never used those and didn't really find a use-case of it with pg_terminate.
Anyone ever had any experience with this or knows whether this is possible?
In recent PostgreSQL versions you could grant the user the pg_signal_backend role.
In an antediluvial version like 8.0, you'd have to write a SECURITY DEFINER function owned by a superuser, REVOKE EXECUTE on the function from PUBLIC and grant it to the user that needs to terminate backends.