Home > mailing lists

Re: Rejecting weak passwords - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: Rejecting weak passwords
Date	October 2, 2009 19:56:23
Msg-id	200910022256.n92Mu9009537@momjian.us Whole thread Raw
In response to	Re: Rejecting weak passwords (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> > That said, it would still be good to have something actually *useful*
> > in contrib. A bit more than just comparing userid and password.
> > Perhaps at least being able to set the min length, and the requirement
> > on having >1 "character class"?
> 
> +1.  There's still the issue of not being able to do much with a
> pre-MD5'd password, though.

Agreed.  I am still a little worried that people will think they are
checking for weak passwords when, for MD5, they are not.  I am also
worried that people will unknowingly reduce their security (not use MD5)
to allow weak password checking.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +

pgsql-hackers by date:

From: "shakahshakah@gmail.com"
Date: 02 October 2009, 19:35:30
Subject: 8.5 TODO: any info on "Create dump tool for write-ahead logs..." in PITR section (1.4)?

From: "Brad T. Sliger"
Date: 02 October 2009, 21:34:33
Subject: Re: Unicode UTF-8 table formatting for psql text output

Re: Rejecting weak passwords - Mailing list pgsql-hackers

Previous

Next