| From: | "Oliver Elphick" <olly(at)lfix(dot)co(dot)uk> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [BUGS] user authentication crash by Erik Luke |
| Date: | 2001-11-01 17:34:01 |
| Message-ID: | 200111011734.fA1HY1YT000762@linda.lfix.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
>Hmm. I can see how a linefeed in a password would create a problem (it
>breaks the line-oriented formatting of the pg_pwd file).
...
>In any case it seems like it'd be a good idea to forbid nonprinting
>characters in passwords. Comments anyone?
That sounds too restrictive; allowing non-printing characters should
improve password security. Why not simply exclude linefeed and
carriage return? (And possibly ctrl-Q and ctrl-S as well, in case there
is still anyone running a terminal with XON/XOFF flow control.)
--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
"But they that wait upon the LORD shall renew their
strength; they shall mount up with wings as eagles;
they shall run, and not be weary; and they shall walk,
and not faint." Isaiah 40:31
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-11-01 17:52:28 | Re: [BUGS] user authentication crash by Erik Luke (20-08-2001; 1.3kb) |
| Previous Message | Doug McNaught | 2001-11-01 17:11:05 | Re: Serious performance problem |