| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Cc: | "Bruce Momjian *EXTERN*" <bruce(at)momjian(dot)us>, "Robert Haas" <robertmhaas(at)gmail(dot)com>, "Mark Mielke" <mark(at)mark(dot)mielke(dot)cc>, "Dave Page" <dpage(at)pgadmin(dot)org>, "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov>, "Andrew Dunstan" <andrew(at)dunslane(dot)net>, "Marko Kreen" <markokr(at)gmail(dot)com>, "Magnus Hagander" <magnus(at)hagander(dot)net>, "Greg Stark" <gsstark(at)mit(dot)edu>, "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org>, "mlortiz" <mlortiz(at)uci(dot)cu> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-19 14:30:05 |
| Message-ID: | 4848.1255962605@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> writes:
> Bruce Momjian wrote:
>> Password checks might include password complexity or non-reuse of
>> passwords. This facility will require the client to send the password to
>> the server in plain-text, so SSL and 'password' authentication is
>> necessary to use this features.
> So in my opinion that should be:
> This facility will require to send new and changed password to
> the server in plain-text, so it will require SSL, and the use
> of encrypted passwords in CREATE/ALTER ROLE will have to be
> disabled.
Actually, not one word of *either* version should be in TODO. All of
that is speculation about policies that a particular add-on module
might or might not choose to enforce.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2009-10-19 14:33:47 | Re: Application name patch - v2 |
| Previous Message | Marko Tiikkaja | 2009-10-19 14:29:45 | Re: Writeable CTEs and side effects |