Checking whether all users have a secure password
PostgreSQL has no built-in facilities to make sure that you are using strong passwords.
The best you can do is to make sure that all user passwords are encrypted, and that your pg_hba.conf
file does not allow logins with a plain password; that is, always use the SCRAM-SHA-256 login method for users, which was added in PostgreSQL 10. Any servers upgrading from earlier versions should upgrade from md5 to SCRAM-SHA-256 password encryption.
For client applications connecting from trusted private networks, either real or virtual (VPN), you may use host-based access, provided you know that the machine on which the application is running is not used by some non-trusted individuals. For remote access over public networks, it may be a better idea to use SSL client certificates.
How to do it…
To see which users don't yet have SCRAM-encrypted passwords, use this query:
test2=# select usename,passwd from pg_shadow where passwd not like 'SCRAM%' or passwd...
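The same audit carried through for both halves of the recipe, as an added example that is not the book's own code: it classifies every login role's stored verifier and, because the recipe also asks for a pg_hba.conf that never accepts plain passwords, lists the rules that still allow weaker-than-SCRAM methods via the pg_hba_file_rules view. It assumes PostgreSQL 10 or later and a superuser session, since pg_authid and pg_hba_file_rules are both superuser-only.

```sql
-- Added example, not from the book. Run as a superuser on PostgreSQL 10+.

-- 1. Confirm that newly set passwords will be stored as SCRAM verifiers.
SHOW password_encryption;   -- expect: scram-sha-256

-- 2. Classify the stored verifier of every role that can log in.
--    SCRAM verifiers start with 'SCRAM-SHA-256$', legacy hashes with 'md5'.
--    A role with no verifier at all cannot authenticate by password, which
--    is fine only if pg_hba.conf never offers it a password method.
SELECT rolname,
       CASE
         WHEN rolpassword IS NULL                THEN 'no password set'
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
         WHEN rolpassword LIKE 'md5%'            THEN 'md5 (re-set password to upgrade)'
         ELSE 'unrecognised'
       END AS verifier_type,
       rolvaliduntil
FROM   pg_authid
WHERE  rolcanlogin
ORDER  BY verifier_type, rolname;

-- 3. Find pg_hba.conf rules that accept weaker-than-SCRAM authentication
--    or that failed to parse (a parse error silently disables the rule).
SELECT line_number, type, database, user_name, address, netmask, auth_method
FROM   pg_hba_file_rules
WHERE  auth_method IN ('trust', 'password', 'md5')
   OR  error IS NOT NULL
ORDER  BY line_number;
```

Setting password_encryption to scram-sha-256 does not rehash anything already stored: a role whose verifier still shows as md5 keeps it until that user sets a new password (for example with \password in psql), so the second query is the one to re-run until it comes back empty. For the third query, the fix is to replace trust, password and md5 with scram-sha-256 in the matching lines and, for connections arriving over public networks, to use hostssl rules with client certificates as the recipe suggests, then reload the server and check that pg_hba_file_rules reports no error.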