| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Mark Mielke <mark(at)mark(dot)mielke(dot)cc> |
| Cc: | Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Marko Kreen <markokr(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Greg Stark <gsstark(at)mit(dot)edu>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, mlortiz <mlortiz(at)uci(dot)cu>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-15 07:54:09 |
| Message-ID: | 937d27e10910150054o5b9d5cfah969bd5891e27c50f@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Oct 14, 2009 at 11:21 PM, Mark Mielke <mark(at)mark(dot)mielke(dot)cc> wrote:
> On 10/14/2009 05:33 PM, Dave Page wrote:
>>
>> No. Any checks at the client are worthless, as they can be bypassed by
>> 10 minutes worth of simple coding in any of a dozen or more languages.
>>
>
> Why care?
Because many large (and small for that matter) organisations also have
security policies which mandate the enforcement of specific password
policies. Just because you think it's worthless to try to prevent
someone reusing a password, or using 'password' doesn't mean that
everyone else does. Some organisations will use such a feature in a
box-ticking exercise when evaluating, and others may actually decide
to use the feature, and expect it to work effectively.
Beside, we are not in the habit of putting half-arsed features in
PostgreSQL. If we do something, we do it properly.
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2009-10-15 07:56:36 | Re: Hot standby status |
| Previous Message | Heikki Linnakangas | 2009-10-15 07:33:21 | Hot standby status |