| Query goal: | Find base table columns that name refers to the possibility that these are used to register usernames, passwords, and salt. Password should not be open text. It should be a hash value that has been hashed by using salt. |
| Notes about the query: | The query considers both column names in English and Estonian. Sometimes unique e-mail address is used as the username. However, the query does not take it into account. |
| Query type: | General (Overview of some aspect of the database.) |
| Query license: | MIT License |
| Data source: | INFORMATION_SCHEMA only |
| SQL query: | Click on query to copy it
SELECT columns.table_schema, columns.table_name, columns.column_name, columns.data_type, columns.character_maximum_length, columns.ordinal_position FROM information_schema.columns INNER JOIN information_schema.tables USING (table_schema, table_name) WHERE table_type='BASE TABLE' AND table_schema NOT IN (SELECT schema_name FROM INFORMATION_SCHEMA.schemata WHERE schema_name<>'public' AND schema_owner='postgres' AND schema_name IS NOT NULL) AND column_name~*'(kasutajanimi|username|parool|salasona|password|pswd|pwd|sool|salt|slt)' ORDER BY columns.table_schema, columns.table_name, columns.ordinal_position; |
| Collection name | Collection description |
|---|---|
| Find problems by overview | Queries that results point to different aspects of database that might have problems. A human reviewer has to decide based on the results as to whether there are problems or not . |
| Category name | Category description |
|---|---|
| Result quality depends on names | Queries of this category use names (for instance, column names) to try to guess the meaning of a database object. Thus, the goodness of names determines the number of false positive and false negative results. |
| Security | Queries of this category provide information about the security measures. |