| From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Heikki Linnakangas *EXTERN*" <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
| Cc: | "Itagaki Takahiro *EXTERN*" <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-11-17 12:28:01 |
| Message-ID: | D960CB61B694CF459DCFB4B0128514C203938043@exadv11.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Heikki Linnakangas wrote:
> I think it would better to add an explicit "isencrypted" parameter to
> the check_password_hook function, rather than require the module to do
> isMD5 on the password. Any imaginable check hook will need to know if
> the password is in MD5 format, and the backend already knows it (because
> it already did that check), it seems good to let the hook function know.
> Besides, if we introduce explicit syntax for saying that the supplied
> password is plaintext or md5 one day, calling isMD5 in the module will
> no longer be appropriate.
I agree on the second point, and I changed the patch accordingly.
Here's the latest version.
Yours,
Laurenz Albe
| Attachment | Content-Type | Size |
|---|---|---|
| pwdcheck-hook.patch | application/octet-stream | 2.2 KB |
| pwdcheck-contrib.patch | application/octet-stream | 3.8 KB |
| pwdcheck-contrib-doc.patch | application/octet-stream | 3.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2009-11-17 14:01:26 | Re: Raising the geqo_threshold default |
| Previous Message | Heikki Linnakangas | 2009-11-17 11:41:14 | Re: Rejecting weak passwords |