Quick Links

Re: Rejecting weak passwords

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Magnus Hagander <magnus(at)hagander(dot)net>
Cc:	pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Rejecting weak passwords
Date:	2009-10-20 13:42:36
Message-ID:	25830.1256046156@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> 2009/10/19 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>> Now we have a user with name equal to password, which no sane security
>> policy will think is a good thing, but the plugin had no chance to
>> prevent it.

> The big difference is that you need to be superuser to change the name
> of a user, but not to change your own password.

True, but the superuser doesn't necessarily know what the user has
set his password to.

regards, tom lane

In response to

Re: Rejecting weak passwords at 2009-10-20 07:11:24 from Magnus Hagander

Responses

Re: Rejecting weak passwords at 2009-10-20 14:07:31 from Robert Haas

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Kevin Grittner	2009-10-20 13:58:14	Re: per table random-page-cost?
Previous Message	Dave Page	2009-10-20 12:42:23	Re: Client application name