Home > mailing lists

Re: Rejecting weak passwords - Mailing list pgsql-hackers

From	Joshua D. Drake
Subject	Re: Rejecting weak passwords
Date	September 28, 2009 23:00:05
Msg-id	1254178785.32237.3.camel@jd-desktop.unknown.charter.com Whole thread Raw
In response to	Re: Rejecting weak passwords (Josh Berkus <josh@agliodbs.com>)
Responses	Re: Rejecting weak passwords
List	pgsql-hackers

Tree view

On Mon, 2009-09-28 at 15:52 -0700, Josh Berkus wrote:
> > It takes about 32 hours to brute force all passwords from [a-zA-Z0-9]
> > of up to 8 chars in length.
>
> That would be a reason to limit the number of failed connection attempts
> from a single source, then, rather than a reason to change the hash
> function.
>
> Hmmm, that would be a useful, easy (I think) security feature: add a GUC
> for failed_logins_allowed.

Why a GUC, can't we just use ALTER ROLE (or ALTER DATABASE)?

Joshua D. Drake


--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 503.667.4564
Consulting, Training, Support, Custom Development, Engineering
If the world pushes look it in the eye and GRR. Then push back harder. - Salamander

pgsql-hackers by date:

From: Alvaro Herrera
Date: 28 September 2009, 22:57:30
Subject: Re: TODO item: Allow more complex user/database default GUC settings

From: Alvaro Herrera
Date: 28 September 2009, 23:02:59
Subject: Re: TODO item: Allow more complex user/database default GUC settings

Re: Rejecting weak passwords - Mailing list pgsql-hackers

Previous

Next