| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | "" <mlortiz(at)uci(dot)cu> |
| Cc: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-09-28 13:54:56 |
| Message-ID: | 4AC0C030.9080803@dunslane.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Ing. Marcos L. Ortíz Valmaseda wrote:
>>
>> My vote is for #3, if anything.
>>
>>
> You have to analyze all points before to do this. I vote too for the
> third option, but you have to be clear that how do you ´ll check the
> weakness of the password:
> 1- For example: the length should be greater that 6 char..
> 2- The password should be have a combination fo numbers, letters and
> others dots
>
> Things like that you have to think very well, or to do a question to
> the list asking which are the best options.
>
> I think the same about the PAM and LDAP auth
>
>
I'm voting for #3 precisely so postgres doesn't have to think about it,
and the module author will do all the work implementing whatever rules
they want to enforce.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2009-09-28 14:24:17 | Re: Rejecting weak passwords |
| Previous Message | Magnus Hagander | 2009-09-28 13:34:17 | Re: Rejecting weak passwords |