Catalog of PostgreSQL queries for finding information about a PostgreSQL database and its design problems

AND
AND
ANDQueries of this category provide information about the security measures.
ANDFrom where does the query gets its information?
AND
AND

There are 59 queries.

Seq nrNameGoalTypeData sourceLast updateLicense...
1All database privilegesFind the privileges to use the database. c - CONNECT; C - CREATE; T - TEMPORARY.Generalsystem catalog base tables only2021-11-23 20:28MIT License
View
2All security policiesFind all security policies.Generalsystem catalog base tables only2023-11-17 18:41MIT License
View
3Are the passwords hashed?Find base table columns that name refers to the possibility that these are used to register passwords. Return a value from each such column. Make sure that the password is not registered as open text.GeneralINFORMATION_SCHEMA+system catalog base tables2020-11-10 12:14MIT License
View
4Base table columns for storing username, password, and saltFind base table columns that name refers to the possibility that these are used to register usernames, passwords, and salt. Password should not be open text. It should be a hash value that has been hashed by using salt.GeneralINFORMATION_SCHEMA only2020-11-06 14:51MIT License
View
5Database can be accessed through PUBLIC privilegesFind as to whether the database access by users (applications) can take place thanks to PUBLIC privileges, i.e., find as to whether PUBLIC (all current and future users) has CONNECT privilege in the database. PUBLIC gets the privilege by default.Problem detectionsystem catalog base tables only2022-10-31 10:19MIT License
View
6Database connect privilege is missingFind non-superusers who have a privilege to use a table or a routine but do not have the privilege to connect to the database.Problem detectionINFORMATION_SCHEMA+system catalog base tables2021-11-21 13:51MIT License
View
7Different search paths of SECURITY DEFINER functionsFind the different search paths used in case of SECURITY DEFINER functions and the number of their occurrences. Make sure that these have been specified correctly and consistently and that they do not refer to any non-existent schemas.GeneralINFORMATION_SCHEMA+system catalog base tables2020-12-16 10:59MIT License
View
8Excessive privileges on databases, schemas, domains, types, languages, foreign data wrappers, and foreign serversFind excessive privileges on databases, schemas, domains, collations, sequences, foreign data wrappers, and foreign servers that are probably not needed by a typical application.Problem detectionsystem catalog base tables only2021-12-31 14:40MIT License
View
9Extension routines that execution privilege has been granted to PUBLICKnow the privileges that users have in your system. Probably all the database users do not need these privileges.Problem detectionINFORMATION_SCHEMA+system catalog base tables2021-02-25 17:30MIT License
View
10Grantable column privilegesFind column privileges that the carrier of the privilege can in turn grant to others, i.e., the privileges have been given WITH GRANT OPTION. The number of privileges that can be passed on should be as small as possible.Problem detectionINFORMATION_SCHEMA+system catalog base tables2024-01-07 13:43MIT License
View
11Grantable privileges on the database and its schemas, domains, types, languages, sequences, foreign data wrappers, and foreign serversFind privileges on the database and its schemas, domains, types, languages, sequences, foreign data wrappers, and foreign servers that the carrier of the privilege can in turn grant to others, i.e., the privileges have been given WITH GRANT OPTION. The number of privileges that can be passed on should be as small as possible.Problem detectionsystem catalog base tables only2024-01-07 13:43MIT License
View
12Grantable rolesFind roles that a member can grant to others, i.e., the role has been granted with ADMIN OPTION. The number of privileges that can be passed on should be as small as possible.Problem detectionsystem catalog base tables only2024-01-07 13:42MIT License
View
13Grantable routine privilegesFind routine privileges that the carrier of the privilege can in turn grant to others, i.e., the privileges have been given WITH GRANT OPTION. The number of privileges that can be passed on should be as small as possible.Problem detectionINFORMATION_SCHEMA+system catalog base tables2024-01-07 13:43MIT License
View
14Grantable table privilegesFind table privileges that the carrier of the privilege can in turn grant to others, i.e., the privileges have been given WITH GRANT OPTION. The number of privileges that can be passed on should be as small as possible.Problem detectionINFORMATION_SCHEMA+system catalog base tables2024-01-07 13:43MIT License
View
15Grantable usage privilegesFind usage privileges that the carrier of the privilege can in turn grant to others, i.e., the privileges have been given WITH GRANT OPTION. The number of privileges that can be passed on should be as small as possible.Problem detectionINFORMATION_SCHEMA+system catalog base tables2024-01-07 13:43MIT License
View
16Granted rolesFind membership relations between roles.Generalsystem catalog base tables only2024-01-07 13:30MIT License
View
17GranteesDatabase must be used by users who have minimal set of privileges for performing tasks. The query helps to find out as to whether some user/role other than PUBLIC and a superuser have rights to use tables and routines of the database.GeneralINFORMATION_SCHEMA only2020-11-06 14:51MIT License
View
18Incorrect password hash updateFind row level update triggers that incorrectly implement update of password hash. It should not be that the new password hash is calculated based on the existing hash.Problem detectionINFORMATION_SCHEMA+system catalog base tables2021-02-25 17:29MIT License
View
19Installed extensionsTry to use as much the possibilities of the DBMS as possible. On the other hand, do not install extensions that are not needed in order not to overcomplicate the database.Generalsystem catalog base tables only2020-11-06 14:51MIT License
View
20Insufficient routine privilegesYou must give rights to use routines to the users/roles that correspond to applications.Problem detectionINFORMATION_SCHEMA+system catalog base tables2021-02-25 17:29MIT License
View