You're reading from PostgreSQL 16 Administration Cookbook Solve real-world Database Administration challenges with 180+ practical recipes and best practices

Product type Paperback

Published in Dec 2023

Publisher Packt

ISBN-13 9781835460580

Length 636 pages

Edition 1st Edition

Languages

SQL

Tools

PostgreSQL

Concepts

Database Administration

Authors (5):

Boriss Mejías

Jimmy Angelakos

Simon Riggs

Gianni Ciolli

Vibhor Kumar

+1 more

View More author details

Table of Contents (15) Chapters

Preface

1. First Steps

2. Exploring the Database FREE CHAPTER

3. Server Configuration

4. Server Control

5. Tables and Data

6. Security

7. Database Administration

8. Monitoring and Diagnosis

9. Regular Maintenance

10. Performance and Concurrency

11. Backup and Recovery

12. Replication and Upgrades

13. Other Books You May Enjoy

14. Index

Changing your password securely

If you are using password authentication, then you may wish to change your password from time to time. This can be done from any interface. pgAdmin is a good choice, but here we will show how to do that from psql.

How to do it…

The most basic method is to use the psql tool. The \password command will prompt you once for a new password and again to confirm. Connect to the psql tool and type the following:

postgres=# SET password_encryption = 'scram-sha-256';
postgres=# \password

Enter a new password. This causes psql to send a SQL statement to the PostgreSQL server, which contains an already encrypted password string. An example of the SQL statement sent is as follows:

ALTER USER postgres PASSWORD 'SCRAM-SHA-256$4096:H45+UIZiJUcEXrB9SHlv5Q==$I0mc87UotsrnezRKv9Ijqn/zjWMGPVdy1zHPARAGfVs=:nSjwT9LGDmAsMo+GqbmC2X/9LMgowTQBjUQsl45gZzA=';

Make sure you use the SCRAM-SHA-256 encryption, not the older and easily compromised MD5 encryption. Whatever you do, don’t use postgres as your password. This will make you vulnerable to idle hackers, so make it a little more difficult than that!

Make sure you don’t forget your password either. It may prove difficult to maintain your database if you can’t access it.

How it works…

As changing the password is just an SQL statement, any interface can do this.

If you don’t use one of the main routes to change the password, you can still do it yourself, using SQL from any interface. Note that you need to encrypt your password because if you do submit one in plain text, such as the following, it will be shipped to the server in plaintext:

ALTER USER myuser PASSWORD 'secret';

Luckily, the password in this case will still be stored in an encrypted form, but it will also be recorded in plaintext in the psql history file, as well as in any server and application logs, depending on the actual log-level settings.

PostgreSQL doesn’t enforce a password change cycle, so you may wish to use more advanced authentication mechanisms, such as GSSAPI, SSPI, LDAP, or RADIUS.