Foreword
PostgreSQL passwords sent over the network in clear text can be easily discovered by unauthorized users. A compromised password could easily lead to unauthorized access to the database.
1. Check configuration
As the database administrator (shown here as "postgres"), look at the authentication entry in pg_hba.conf:
cat ${PGDATA?}/pg_hba.conf
As shown in the figure below, if any entry uses a method (the last column in the record) other than "md5", there is a security risk.
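The check above, as an added example (not part of the original article): a shell function that parses each pg_hba.conf record and reports those whose method is not "md5". It goes slightly beyond the text by reading the method from its own field, because a separate netmask column or trailing authentication options mean the method is not always the last column. The names audit_hba and sample_hba are chosen here, and the sample records are constructed.

```sh
#!/bin/sh
# Added example: report pg_hba.conf records whose auth method is not "md5".
# Assumes no quoted fields containing spaces and no backslash line continuations.
# Usage on a server: audit_hba "${PGDATA?}/pg_hba.conf"   ("-" reads stdin)
audit_hba() {
    awk '
        { sub(/#.*/, "") }                 # drop comments, including trailing ones
        NF == 0 { next }                   # skip blank lines
        $1 == "local" { m = $4 }           # local DATABASE USER METHOD [OPTIONS]
        $1 ~ /^host/ {                     # host* DATABASE USER ADDRESS [MASK] METHOD [OPTIONS]
            m = ($5 ~ /[.:]/) ? $6 : $5    # a separate netmask shifts METHOD right
        }
        $1 != "local" && $1 !~ /^host/ {   # for example an include directive
            printf "line %d: not an auth record, review by hand: %s\n", NR, $0
            bad = 1; next
        }
        m != "md5" {
            printf "line %d: %s uses method \"%s\"\n", NR, $1, (m == "" ? "<missing>" : m)
            bad = 1
        }
        END { exit bad + 0 }               # status 1 if anything was reported
    ' "$1"
}

# Constructed sample records, not taken from any real server.
sample_hba() {
    cat <<'EOF'
# TYPE   DATABASE  USER      ADDRESS                    METHOD
local    all       postgres                             peer
host     all       all       127.0.0.1/32               md5
host     all       all       192.168.0.0 255.255.255.0  password  # separate netmask
hostssl  app       app       10.0.0.0/8                 ldap ldapserver=ldap.example.internal
host     all       all       ::1/128                    trust
EOF
}

# Demo run on the constructed sample.
sample_hba | audit_hba - || echo "records using a method other than md5 were found"
```

Running the same function again after editing the file confirms that no record is still reported.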
2. Reinforcement suggestions
As the database administrator (shown here as "postgres"), edit the pg_hba.conf file and change the "method" column value to "md5".
vi ${PGDATA?}/pg_hba.conf
As shown in the figure below, change the "method" column value of all entries to "md5".
Summary
When passwords are used for authentication, PostgreSQL must transmit them only in encrypted form.