Re: Rejecting weak passwords

From: "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>
To: "Heikki Linnakangas *EXTERN*" <heikki(dot)linnakangas(at)enterprisedb(dot)com>
Cc: "Itagaki Takahiro *EXTERN*" <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Rejecting weak passwords
Date: 2009-11-17 12:28:01
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Heikki Linnakangas wrote:
> I think it would better to add an explicit "isencrypted" parameter to
> the check_password_hook function, rather than require the module to do
> isMD5 on the password. Any imaginable check hook will need to know if
> the password is in MD5 format, and the backend already knows it (because
> it already did that check), it seems good to let the hook function know.
> Besides, if we introduce explicit syntax for saying that the supplied
> password is plaintext or md5 one day, calling isMD5 in the module will
> no longer be appropriate.

I agree on the second point, and I changed the patch accordingly.

Here's the latest version.

Laurenz Albe

Attachment Content-Type Size
pwdcheck-hook.patch application/octet-stream 2.2 KB
pwdcheck-contrib.patch application/octet-stream 3.8 KB
pwdcheck-contrib-doc.patch application/octet-stream 3.4 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Greg Sabino Mullane 2009-11-17 14:01:26 Re: Raising the geqo_threshold default
Previous Message Heikki Linnakangas 2009-11-17 11:41:14 Re: Rejecting weak passwords