Re: Rejecting weak passwords

On Wed, Oct 14, 2009 at 1:48 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On Wed, Oct 14, 2009 at 12:25 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> Let's see you do that (hint: "CREATD USER ... PASSWORD" is going to
>>> throw a syntax error before you realize there's anything there that
>>> might need to be protected).
>
>> It seems to me incredibly rare for anyone to issue a manual CREATE
>> USER command with an encrypted password.  And if it is generated by a
>> script, it will presumably not have a trivial typographical error.
>
> Uh, this discussion was about cleartext passwords?

I understand that. The point is, you seemed to be worried that
log-obfuscation wouldn't work because someone might type "CREATD USER
... PASSWORD" rather than "CREATE USER ... PASSWORD". But this can
happen today, too, can't it? The only difference is that today the
password MIGHT be encrypted. But if the user is really entering the
command manually, it's probably not. Sure, someone COULD pre-MD5 a
string and then copy and paste it into a psql session, but I bet
that's not too common. I suspect people using the pre-MD5 option are
using a more sophisticated client of some sort anyway.

...Robert