| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Dave Page <dpage(at)pgadmin(dot)org>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-02 22:56:09 |
| Message-ID: | 200910022256.n92Mu9009537@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > That said, it would still be good to have something actually *useful*
> > in contrib. A bit more than just comparing userid and password.
> > Perhaps at least being able to set the min length, and the requirement
> > on having >1 "character class"?
>
> +1. There's still the issue of not being able to do much with a
> pre-MD5'd password, though.
Agreed. I am still a little worried that people will think they are
checking for weak passwords when, for MD5, they are not. I am also
worried that people will unknowingly reduce their security (not use MD5)
to allow weak password checking.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Brad T. Sliger | 2009-10-03 00:34:16 | Re: Unicode UTF-8 table formatting for psql text output |
| Previous Message | shakahshakah@gmail.com | 2009-10-02 22:30:00 | 8.5 TODO: any info on "Create dump tool for write-ahead logs..." in PITR section (1.4)? |