| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | Marko Kreen <markokr(at)gmail(dot)com>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, Andrew Dunstan <andrew(at)dunslane(dot)net>, mlortiz <mlortiz(at)uci(dot)cu>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-14 16:08:34 |
| Message-ID: | 14583.1255536514@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Dave Page <dpage(at)pgadmin(dot)org> writes:
> You've twice asserted it's a reduction without providing any arguments
> to back that up.
You quoted two good arguments why it's insecure in your original
message, neither of which your proposed GUC does anything to protect
against; and you also admitted that there might be other leakage paths
we haven't thought of. That seems to me to be more than sufficient
reason to not encourage people to go back to passing unencrypted
passwords around.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2009-10-14 16:16:49 | Re: Rejecting weak passwords |
| Previous Message | Tom Lane | 2009-10-14 16:02:46 | Re: [PATCH] Largeobject access controls |