| From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Itagaki Takahiro *EXTERN*" <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> |
| Cc: | "Heikki Linnakangas *EXTERN*" <heikki(dot)linnakangas(at)enterprisedb(dot)com>, "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-11-18 10:35:22 |
| Message-ID: | D960CB61B694CF459DCFB4B0128514C203938048@exadv11.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Itagaki Takahiro wrote:
> Looks good. I change status of the patch to "Ready for Committer".
Thanks for the help!
> BTW, it might not be a work for this patch, we also need to
> reject too long "VALID UNTIL" setting. If the password is
> complex, we should not use the same password for a long time.
There are some cases, e.g. application servers logging into the
database, where you cannot just let the password expire, so I
think this would at best have to be a rule with exceptions.
Another thing that makes VALID UNTIL inconvenient to use is
that after expiration, logins simply fail, and the user
is never prompted to change the password.
But of course you are right, requiring a limited password
lifetime is closely related to requiring a good password.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexey Klyukin | 2009-11-18 10:38:00 | Re: plperl and inline functions -- first draft |
| Previous Message | Wojciech Knapik | 2009-11-18 09:35:40 | Re: Very bad FTS performance with the Polish config |