Skip site navigation (1) Skip section navigation (2)

Re: Rejecting weak passwords

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: "" <mlortiz(at)uci(dot)cu>
Cc: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Rejecting weak passwords
Date: 2009-09-28 13:54:56
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers

Ing. Marcos L. Ortí­z Valmaseda wrote: 
>> My vote is for #3, if anything.
> You have to analyze all points before to do this. I vote too for the 
> third option, but you have to be clear that how do you ´ll check the 
> weakness of the password:
> 1- For example: the length should be greater that 6 char..
> 2- The password should be have  a combination fo numbers, letters and 
> others dots
> Things like that you have to think very well, or to do a question to 
> the list asking which are the best options.
> I think the same about the PAM and LDAP auth

I'm voting for #3 precisely so postgres doesn't have to think about it, 
and the module author will do all the work implementing whatever rules 
they want to enforce.



In response to


pgsql-hackers by date

Next:From: Magnus HaganderDate: 2009-09-28 14:24:17
Subject: Re: Rejecting weak passwords
Previous:From: Magnus HaganderDate: 2009-09-28 13:34:17
Subject: Re: Rejecting weak passwords

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group