6May
Can I skip any password hashing for localhost authentication?
Setup
I have several services (Postfix, Apache (PHP)) that access a PostgreSQL database on a Debian Linux 10 system.
- everyone is on the same host
- they use the loopback interface (127.0.0.1) to communicate
- the accessing services store the db user and db password in plain in configuration files
- owned by root:(service) and mode 640
By default PostgreSQL (in pg_hba.conf) is set to use MD5 for password hashing. I was about to upgrade to scram-sha-256 but then realized that any hashing is most likely meaningless.
Threat Analysis
AFAICS there are three attack points and nowhere does hashing provide any extra security:
- the accessing service: It stores the password in plaintext anyway, no hashing is applied here.
- communication channel (loopback): Is "sufficiently" secure. Any breach here would mean kernel access level which could also read the password stored in the configuration file of the service itself.
- PostgreSQL server: Does not need the password. Any breach here could just access the data.
The passwords are not reused anywhere, so knowing the password does not yield any other access.
Question
Can I switch to plaintext password authentication in ph_hba.conf without any loss in security?
