Find base table columns whose names suggest that they are used to register usernames, passwords, or salts. A password should not be stored as open text. It should be stored as a hash value that has been calculated by using a salt.
Notes
The query considers column names in both English and Estonian. Sometimes a unique e-mail address is used as the username. However, the query does not take this into account.
Type
General (Overview of some aspect of the database.)
-- List base table columns whose names hint at usernames, passwords, or salts.
SELECT columns.table_schema, columns.table_name, columns.column_name,
       columns.data_type, columns.character_maximum_length, columns.ordinal_position
FROM information_schema.columns
     INNER JOIN information_schema.tables USING (table_schema, table_name)
WHERE table_type='BASE TABLE'
  -- Skip system schemas: schemas owned by postgres, except public.
  AND table_schema NOT IN (SELECT schema_name
                           FROM INFORMATION_SCHEMA.schemata
                           WHERE schema_name<>'public' AND
                                 schema_owner='postgres' AND schema_name IS NOT NULL)
  -- Case-insensitive match on English and Estonian name fragments.
  AND column_name~*'(kasutajanimi|username|parool|salasona|password|pswd|pwd|sool|salt|slt)'
ORDER BY columns.table_schema, columns.table_name, columns.ordinal_position;
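What a reviewer would expect to see behind a column that the query above reports, shown as an added example that is not part of the original catalogue entry. It assumes that the pgcrypto extension is available; the table names, column names, and sample values are hypothetical.

```sql
-- Added example; all object names and values are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Weak design: the password is kept as open text.
-- The query above reports username and password from this table;
-- varchar(20) is a hint, because a 60-character bcrypt hash cannot fit.
CREATE TABLE account_weak (
  account_id integer GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  username   varchar(50) NOT NULL UNIQUE,
  password   varchar(20) NOT NULL
);

-- Corrected design: only a salted hash is stored.
-- crypt() embeds the salt in its result, so no separate salt column is needed.
CREATE TABLE account (
  account_id    integer GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  username      varchar(50) NOT NULL UNIQUE,
  password_hash text NOT NULL,
  -- Reject values that do not look like bcrypt output (for example open text).
  CONSTRAINT chk_account_password_hash_format
    CHECK (password_hash ~ '^\$2[a-z]\$[0-9]{2}\$')
);

-- Registration: gen_salt() creates a fresh random salt for every row.
INSERT INTO account (username, password_hash)
VALUES ('alice', crypt('constructed sample passphrase', gen_salt('bf', 12)));

-- Login check: hash the attempt with the salt taken from the stored value.
-- Returns one row for the correct passphrase and no rows otherwise.
SELECT account_id
FROM account
WHERE username = 'alice'
  AND password_hash = crypt('constructed sample passphrase', password_hash);

-- An open-text value violates the CHECK constraint and is refused:
-- INSERT INTO account (username, password_hash) VALUES ('bob', 'secret');
```

Both tables appear in the result of the catalogue query, because it matches on names only. The data_type and character_maximum_length columns of the result are what let the reviewer tell the two designs apart.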
Collections
This query belongs to the following collections:
Name
Description
Find problems by overview
Queries whose results point to different aspects of the database that might have problems. A human reviewer has to decide, based on the results, whether there are problems or not.
Categories
This query is classified under the following categories:
Name
Description
Result quality depends on names
Queries of this category use names (for instance, column names) to try to guess the meaning of a database object. Thus, the goodness of names determines the number of false positive and false negative results.
Security
Queries of this category provide information about the security measures.