Re: Rejecting weak passwords
| От | Tom Lane |
|---|---|
| Тема | Re: Rejecting weak passwords |
| Дата | |
| Msg-id | 6629.1255968727@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Rejecting weak passwords (Peter Eisentraut <peter_e@gmx.net>) |
| Ответы |
Re: Rejecting weak passwords
Re: Rejecting weak passwords |
| Список | pgsql-hackers |
Peter Eisentraut <peter_e@gmx.net> writes:
> On Mon, 2009-10-19 at 14:54 +0200, Albe Laurenz wrote:
>> I guess I misunderstood something there, but I had assumed that the
>> checkbox item read something like: "Does the product offer password
>> policy enforcement?" (to quote Dave Page).
> The answer to that is currently "Yes, with external tools". Using the
> plugin approach, the answer will remain "Yes, with external tools". So
> we wouldn't gain much.
Except that your first statement is false. It is not possible currently
for any tool to prevent someone from doing ALTER USER joe PASSWORD joe.
A server-side plugin can provide a guarantee that there are no bad
passwords (for some value of bad, and with some possible adverse
consequences). We don't have that today.
regards, tom lane
В списке pgsql-hackers по дате отправления: