Hello,
With the default WAPT 2.5 installation, there is no password for the postgres and wapt users.
For security reasons, I want to change the password, but the change isn't taking effect.
Here's the procedure I followed:
connecting to the database: `.\psql.exe -U postgres -d wapt`
changing the password: `\password wapt` and `\password postgres`
logging out and attempting to log in, but the password isn't always requested.
If the password is required, it will need to be entered, according to my research, in the file `C:\wapt\waptserver\waptserver.ini`. In this case, how could I encrypt the password to prevent leaks or for security reasons?
[SOLVED] PostgreSQL password change - WAPT
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
- dcardon
- WAPT Expert
- Messages: 1932
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
Hello Tchoko,
version, os, etc. (see forum rules above)

> Procedure I followed:
> connection to the database: `.\psql.exe -U postgres -d wapt`
> change of password: `\password wapt` and `\password postgres`
> disconnection and attempted connection but the password is not always requested.

It's a standard PostgreSQL installation; I think you should look at the pg_hba file, etc. It's not a WAPT issue per se.

> If the password is compromised, it will need to be entered, according to my research, in the file `C:\wapt\waptserver\waptserver.ini`. In that case, how could the password be encrypted to prevent leaks or for security reasons?

If there's a password on the PostgreSQL database, it must be included in the configuration file. If you want to encrypt the password in the configuration file, you'll then need a separate password somewhere to decrypt the configuration file when the service starts. And if you want the service to start automatically at boot, the decryption password will itself be readable, so you're just shifting the problem...
The WAPT server must be installed on a machine dedicated to it. The WAPT server is configured to listen only locally (under Linux, it only listens via Unix sockets with `auth ident`). Therefore, if your Postgres database is accessed, your server is already compromised. This might be useful for in-depth security, but in practice, it's overkill for the vast majority of use cases (unless you're willing to enter a password every time you start the server, the disk is encrypted, etc.)
And the first thing to do to have a more easily secure environment is to switch to a Linux server
Sincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
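The reply's pointer to the pg_hba file, worked through as an added example (not code from the thread or from WAPT): PostgreSQL reads `pg_hba.conf` top-down, the first record matching the connection decides the method, and `trust` never asks for a password whatever `\password` stored. The two-record file below is constructed, not WAPT's shipped configuration, and the function names are hypothetical.

```python
import ipaddress

# Methods for which the server asks the client for a password.
PASSWORD_METHODS = {"password", "md5", "scram-sha-256"}

def parse_hba(text):
    """Parse TCP ('host*') records into (type, dbs, users, network, method).
    Hostnames and the samehost/samenet keywords are not handled (ValueError)."""
    rules = []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if not f or not f[0].startswith("host"):
            continue  # blank line, comment, or 'local' (Unix socket) record
        ctype, dbs, users, addr = f[:4]
        if addr == "all":
            net, method = None, f[4]
        elif "/" in addr:  # CIDR form
            net, method = ipaddress.ip_network(addr, strict=False), f[4]
        else:  # older two-column "address mask" form
            net, method = ipaddress.ip_network(f"{addr}/{f[4]}", strict=False), f[5]
        rules.append((ctype, dbs.split(","), users.split(","), net, method))
    return rules

def first_match(rules, db, user, client_ip, ssl=False):
    """Return the method of the first matching record, or None if none matches.
    GSS-specific record types are ignored in this sketch."""
    ip = ipaddress.ip_address(client_ip)
    wanted = {"host", "hostssl" if ssl else "hostnossl"}
    for ctype, dbs, users, net, method in rules:
        if ctype not in wanted:
            continue
        if not ("all" in dbs or db in dbs or ("sameuser" in dbs and db == user)):
            continue
        if not ("all" in users or user in users):
            continue
        if net is None or ip in net:
            return method
    return None  # no record matched: the server rejects the connection

def password_requested(hba_text, db, user, client_ip):
    return first_match(parse_hba(hba_text), db, user, client_ip) in PASSWORD_METHODS

# Constructed sample: IPv4 loopback asks for a password, IPv6 loopback does not,
# so the prompt depends on which address "localhost" resolves to.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
host    all       all   127.0.0.1/32   scram-sha-256
host    all       all   ::1/128        trust
"""
HARDENED_HBA = SAMPLE_HBA.replace("trust", "scram-sha-256")
```

An edited `pg_hba.conf` only takes effect once the server reloads its configuration, for example with `SELECT pg_reload_conf();`.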
- dcardon
Hello Tchoko,
Thank you for the feedback. I'm marking the topic as RESOLVED. In my opinion, using a password for the PostgreSQL database only makes sense if the database is hosted on a separate machine (a fairly rare occurrence).
Regards,
Denis
Denis Cardon - Tranquil IT
