Home > mailing lists

Re: [HACKERS] Enhancements to passwordcheck - Mailing list pgsql-hackers

From	Bossart, Nathan
Subject	Re: [HACKERS] Enhancements to passwordcheck
Date	September 27, 2017 17:43:30
Msg-id	F3F63E2E-91A1-4DA4-BC29-584054D8DA1D@amazon.com Whole thread Raw
In response to	Re: [HACKERS] Enhancements to passwordcheck (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses	Re: [HACKERS] Enhancements to passwordcheck
List	pgsql-hackers

Tree view

On 9/27/17, 7:41 AM, "Peter Eisentraut" <peter.eisentraut@2ndquadrant.com> wrote:
> On 9/25/17 23:10, Bossart, Nathan wrote:
>> One interesting design challenge will be how to handle pre-hashed
>> passwords, since the number of checks we can do on those is pretty
>> limited.  I'm currently thinking of a parameter that can be used to
>> block, allow, or force pre-hashed passwords.
>
> Pre-hashed passwords are the normal case.  You can't break that without
> making this module a net loss in security.

A strength in making this configurable is that you could use it to
enforce that passwords are pre-hashed.  But yes, blocking pre-
hashed passwords could be undesirable given an untrusted network or
server.

Nathan


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

pgsql-hackers by date:

From: Tom Lane
Date: 27 September 2017, 17:39:59
Subject: Re: [BUGS] [HACKERS] Float value 'Infinity' is cast to numeric 1 on Windows

From: Alvaro Herrera
Date: 27 September 2017, 18:06:49
Subject: Re: [HACKERS] Enhancements to passwordcheck

Re: [HACKERS] Enhancements to passwordcheck - Mailing list pgsql-hackers

Previous

Next