| From: | Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
|---|---|
| To: | Steve Atkins <steve(at)blighty(dot)com> |
| Cc: | pgsql general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Password strength requirements |
| Date: | 2006-12-21 20:04:33 |
| Message-ID: | 20061221200430.GE2576@batory.org.pl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, 21 Dec 2006, Steve Atkins wrote:
> >Is there any way to disallow self changing of password by ordinary
> >users? Or force password strength in any other way?
>
> If you check http://www.postgresql.org/docs/8.2/static/client-authentication.html
> you'll see a bunch of different ways to authenticate users. Most of
> them are external to the database, so don't allow changing the
> password from within the database.
But I need an ability to change passwords. The easiest way to do it
would be to create a "security definer" function owned by a role with
"create role" privilege that checks password strength and changes
password, for example:
create or replace function change_password(_password text)
returns void
language plpgsql
volatile
security definer
as $function$
begin
if (
char_length(_password)<8
or _password !~ '[A-Z]'
or _password !~ '[a-z]'
or _password !~ '[0-9]'
) then
raise exception 'Password too weak, because ...';
end if;
execute 'alter user ' || quote_ident(session_user)
|| ' password ' || quote_literal(_password)
|| ' valid until ' || quote_literal(current_timestamp+'60 days'::interval);
return;
end;
$function$;
But any user can change his password using 'alter user ... password
...'. If there was any way of preventing users without "create role"
privilege from changing their own passwords this would be good enough.
I'll just need to ensure encrypted connections to the database.
If I had to use external authentication it'd need a lot of work - I'd
need to learn, setup, document and maintain this external
authentication, provide a way of changing passwords securely other
than using a database, create one more single point of failure,
etc...
Or I'll just ignore this possibility of choosing weak password. It
would not reset account validity time anyway. Also nobody would
notice - application interface will use this change_password function
- it's just not the right way.
Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
Winnie the Pooh
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc Evans | 2006-12-21 20:10:01 | Re: Partitioning Vs. Split Databases - performance? |
| Previous Message | Vlad | 2006-12-21 20:01:58 | Re: Partitioning Vs. Split Databases - performance? |