| From: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Dave Page <dpage(at)pgadmin(dot)org>, Marko Kreen <markokr(at)gmail(dot)com>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, Andrew Dunstan <andrew(at)dunslane(dot)net>, mlortiz <mlortiz(at)uci(dot)cu>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-14 22:30:16 |
| Message-ID: | 4AD650F8.7010402@mark.mielke.cc |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 10/14/2009 06:25 PM, Peter Eisentraut wrote:
> On Wed, 2009-10-14 at 18:38 +0200, Magnus Hagander wrote:
>
>> So throwing out a wild idea that's probably just wild enough to even
>> consider, but one way to deal with the logging side of things would be
>> to deprecate/remove ALTER USER/CREATE USER with password, and add a
>> separate API call. With a separate wire protocol packet. That would
>> certainly take care of the logging part ;)
>>
> I think that would be the correct fix.
>
Yep. +1. If we are really so paranoid.
Cheers,
mark
--
Mark Mielke<mark(at)mielke(dot)cc>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-10-14 22:37:32 | Re: What does this configure warning mean? |
| Previous Message | Mark Mielke | 2009-10-14 22:29:00 | Re: Rejecting weak passwords |