Skip site navigation (1) Skip section navigation (2)

Re: Rejecting weak passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, mlortiz <mlortiz(at)uci(dot)cu>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Rejecting weak passwords
Date: 2009-09-28 15:06:15
Message-ID: 871.1254150375@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Actually there's a much bigger problem with asking the backend to reject
weak passwords: what ya gonna do with a pre-MD5'd string?  Which is
exactly what the backend is going to always get, in a security-conscious
environment.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Albe LaurenzDate: 2009-09-28 15:31:37
Subject: Re: Rejecting weak passwords
Previous:From: Peter EisentrautDate: 2009-09-28 15:05:39
Subject: Re: WIP - syslogger infrastructure changes

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group