Skip site navigation (1) Skip section navigation (2)

Re: Rejecting weak passwords

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: "" <mlortiz(at)uci(dot)cu>
Cc: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Rejecting weak passwords
Date: 2009-09-28 13:54:56
Message-ID: 4AC0C030.9080803@dunslane.net (view raw or flat)
Thread:
Lists: pgsql-hackers

Ing. Marcos L. Ortí­z Valmaseda wrote: 
>>
>> My vote is for #3, if anything.
>>
>>
> You have to analyze all points before to do this. I vote too for the 
> third option, but you have to be clear that how do you ´ll check the 
> weakness of the password:
> 1- For example: the length should be greater that 6 char..
> 2- The password should be have  a combination fo numbers, letters and 
> others dots
>
> Things like that you have to think very well, or to do a question to 
> the list asking which are the best options.
>
> I think the same about the PAM and LDAP auth
>
>

I'm voting for #3 precisely so postgres doesn't have to think about it, 
and the module author will do all the work implementing whatever rules 
they want to enforce.

cheers

andrew

In response to

Responses

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2009-09-28 14:24:17
Subject: Re: Rejecting weak passwords
Previous:From: Magnus HaganderDate: 2009-09-28 13:34:17
Subject: Re: Rejecting weak passwords

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group