Quick Links

Re: Rejecting weak passwords

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
Cc:	Andrew Dunstan <andrew(at)dunslane(dot)net>, mlortiz <mlortiz(at)uci(dot)cu>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Rejecting weak passwords
Date:	2009-09-28 15:06:15
Message-ID:	871.1254150375@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Actually there's a much bigger problem with asking the backend to reject
weak passwords: what ya gonna do with a pre-MD5'd string? Which is
exactly what the backend is going to always get, in a security-conscious
environment.

regards, tom lane

In response to

Re: Rejecting weak passwords at 2009-09-28 14:24:17 from Magnus Hagander

Responses

Re: Rejecting weak passwords at 2009-09-28 15:31:37 from Albe Laurenz
Re: Rejecting weak passwords at 2009-09-28 18:00:14 from Marko Kreen

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Albe Laurenz	2009-09-28 15:31:37	Re: Rejecting weak passwords
Previous Message	Peter Eisentraut	2009-09-28 15:05:39	Re: WIP - syslogger infrastructure changes