Re: Rejecting weak passwords

On Thu, Oct 15, 2009 at 5:28 PM, Mark Mielke <mark(at)mark(dot)mielke(dot)cc> wrote:
>
> Not so clear to me. If they're doing strong checks, this means they're
> sending passwords in the clear or only barely encoded, or using some OTHER
> method than 'alter role ... password ...' to change the password.

Some are sending them in the clear (though often over SSL connections).

> Point being - if you think this is absolutely important to do - don't go +5%
> of the way - go 100% of the way.

Exactly - that's why I want to see a check in the server, not the
client which should get to 95%. I also happen to agree with Magnus
that the only really secure way to do this on outside of SQL, but I
can't see us dropping ALTER USER ... WITH PASSWORD in a hurry.

> Then again, I'm not so concerned about what arbitrary criteria some person
> defines as "what makes a good database system". I'm more concerned with what
> makes the system better for *me*. I don't see how this entire thread helps
> *me* in any way - and I do understand the need for strong passwords - and my
> company *does* have policies that require strong passwords. Even if the
> plugin is provided - I'm not going to activate it. I already have a policy
> for setting strong passwords that I already follow.

That's an excellent point. It probably doesn't make any difference to
you or many of the other people on this list who are concerned with
running their own systems and may already use other techniques, such
as LDAP, SSPI etc.

A not-insignificant percentage of the people here are not concerned
with running their own systems though. They are working to help new
users adopt PostgreSQL, and make a living selling services or support
to those users. Sometimes that can be for huge projects, where it is
necessary to justify every difference in check-box items against other
products to get past the early eval stages. Like it or not, that is a
fact, and this hampers our adoption.

--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com