Home > mailing lists

Re: Rejecting weak passwords - Mailing list pgsql-hackers

From	Joshua D. Drake
Subject	Re: Rejecting weak passwords
Date	September 29, 2009 05:59:45
Msg-id	1254178785.32237.3.camel@jd-desktop.iso-8859-1.charter.com Whole thread Raw
In response to	Re: Rejecting weak passwords (Josh Berkus <josh@agliodbs.com>)
List	pgsql-hackers

Tree view

On Mon, 2009-09-28 at 15:52 -0700, Josh Berkus wrote:
> > It takes about 32 hours to brute force all passwords from [a-zA-Z0-9]
> > of up to 8 chars in length.
> 
> That would be a reason to limit the number of failed connection attempts
> from a single source, then, rather than a reason to change the hash
> function.
> 
> Hmmm, that would be a useful, easy (I think) security feature: add a GUC
> for failed_logins_allowed.

Why a GUC, can't we just use ALTER ROLE (or ALTER DATABASE)?

Joshua D. Drake


-- 
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 503.667.4564
Consulting, Training, Support, Custom Development, Engineering
If the world pushes look it in the eye and GRR. Then push back harder. - Salamander

pgsql-hackers by date:

From: Alvaro Herrera
Date: 29 September 2009, 04:00:52
Subject: Re: [PATCH] 8.5 TODO: Add comments to output indicating version of pg_dump and of the database server

From: "Albe Laurenz"
Date: 29 September 2009, 06:46:20
Subject: Re: Rejecting weak passwords

Re: Rejecting weak passwords - Mailing list pgsql-hackers

Previous

Next