Re: Rejecting weak passwords

Tom Lane wrote:
> "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> writes:
> > And, perhaps slightly off topic: if the login password is sent over a
> > non-encrypted stream, md5sum or not, can't someone use it to log in if
> > they're generating their own stream to connect?
>
> Not if they only capture a login exchange --- the password is doubly
> encrypted during that. If they see the md5'd password in a CREATE USER
> command, then yeah, they could pass a subsequent md5 challenge, using
> suitably modified client software that doesn't try to re-encrypt the
> given password.
>
> But the main point is to hide the cleartext password, in any case.

What if we added a GUC that only allowed password changes via an SSL
connection. You could say that is a security enhancement, and
administrators could set up their systems to use 'password'
authentication for SSL and check the password strength on the server
because they come in clear-text.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +