| From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Tom Lane *EXTERN*" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Itagaki Takahiro" <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> |
| Cc: | "Heikki Linnakangas *EXTERN*" <heikki(dot)linnakangas(at)enterprisedb(dot)com>, "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-11-19 07:59:10 |
| Message-ID: | D960CB61B694CF459DCFB4B0128514C20393804F@exadv11.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Applied with some minor modifications. Aside from the added valuntil
> parameter, I changed the "isencrypted" parameter to an int with some
> #define'd values. It seems easily foreseeable that we'll replace the
> MD5 encryption scheme someday, and it'd be good to ensure that this
> API is extendable when that happens. Also, I got rid of the bool
> return value and made the hook responsible for throwing its
> own errors.
> I don't know about you guys, but I would cheerfully kill anybody who
> tried to make me use a password checker that didn't tell me anything
> about why it thinks my password is too weak. (The CrackLib API we
> are using is lamentably badly designed on this score --- does it have
> another call that provides a more useful error report?) Even if you
> think "weak password" is adequate for that class of complaints, the
> single error message would certainly not do for complaints about the
> valuntil date being too far away.
Thank you.
I agree on all points.
I did not know that contrib modules get translated too, else I would
have thrown the error messages there.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2009-11-19 08:13:39 | Re: Summary and Plan for Hot Standby |
| Previous Message | Simon Riggs | 2009-11-19 06:16:40 | Re: Summary and Plan for Hot Standby |