VMware Postgres must set client-side character encoding to UTF-8.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239216 | VCPG-67-000024 | SV-239216r717067_rule | Medium |
| Description |
|---|
| A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cause the system to fail to an unsafe state. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 PostgreSQL Security Technical Implementation Guide | 2021-04-15 |
Details
| Check Text ( C-42449r679019_chk ) |
|---|
| At the command prompt, execute the following command: # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SHOW client_encoding;"|sed -n 3p|sed -e 's/^[ ]*//' Expected result: UTF8 If the output does not match the expected result, this is a finding. |
| Fix Text (F-42408r679020_fix) |
|---|
| At the command prompt, execute the following commands: # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "ALTER SYSTEM SET client_encoding TO 'UTF8';" # /opt/vmware/vpostgres/current/bin/psql -U postgres -c "SELECT pg_reload_conf();" |