| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | "Bossart, Nathan" <bossartn(at)amazon(dot)com>, Euler Taveira <euler(at)timbira(dot)com(dot)br>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Enhancements to passwordcheck |
| Date: | 2017-09-27 12:40:32 |
| Message-ID: | 0c115849-2123-3b3d-55de-fa218f40ef48@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 9/25/17 23:10, Bossart, Nathan wrote:
> One interesting design challenge will be how to handle pre-hashed
> passwords, since the number of checks we can do on those is pretty
> limited. I'm currently thinking of a parameter that can be used to
> block, allow, or force pre-hashed passwords.
Pre-hashed passwords are the normal case. You can't break that without
making this module a net loss in security.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2017-09-27 12:41:49 | Re: md5 still listed as an option in pg_hba.conf.sample |
| Previous Message | Pavel Stehule | 2017-09-27 12:24:27 | Re: logical replication and statistics |