Marko Kreen <markokr(at)gmail(dot)com> writes:
> So promoting the ENCRYPTED 'foo' as "secure" may lure users into
> false sense of security, and be lax against sniffing and logfile
This argument is entirely irrelevant to the point. Yes, ENCRYPTED
doesn't fix everything, but it is still good practice to use it
and most well-written tools will. So having a weak-password detector
that can only work on non-encrypted passwords is going to not be
> IOW, having plaintext password in CREATE/ALTER time which can
> then checked for weaknesses is better that MD5 password, which
> actually does not increase security.
This is not acceptable and will not happen. The case that ENCRYPTED
protects against is database superusers finding out other users'
original passwords, which is a security issue to the extent that those
users have used the same/similar passwords for other systems.
We're not going to give up protection for that in order to provide
an option to do weak-password checking in a place that simply isn't
the best place to do it anyway.
regards, tom lane
In response to
pgsql-hackers by date
|Next:||From: Robert Haas||Date: 2009-09-28 18:40:15|
|Subject: Re: Rejecting weak passwords|
|Previous:||From: Robert Haas||Date: 2009-09-28 18:32:21|
|Subject: Re: syslog_line_prefix|