Home > mailing lists

Re: Rejecting weak passwords - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Rejecting weak passwords
Date	October 14, 2009 22:13:28
Msg-id	1255558370.22713.4.camel@vanquo.pezone.net Whole thread Raw
In response to	Re: Rejecting weak passwords (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Rejecting weak passwords (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

On Wed, 2009-10-14 at 12:59 -0400, Tom Lane wrote:
> If psql or pgAdmin takes a password and
> then sends it in the clear without telling me, that's a breach of
> trust
> with potentially serious consequences.  I might not trust the DBA, for
> example, or I might be less confident of the network infrastructure
> than he is.

Well, you would lose anyway if the DBA switches the pg_hba.conf setting
from md5 to password without telling you.  There is usually no
straightforward way in client applications to guard against that.
Something to think about.

pgsql-hackers by date:

From: Bruce Momjian
Date: 14 October 2009, 22:08:00
Subject: Re: Rejecting weak passwords

From: Tom Lane
Date: 14 October 2009, 22:16:59
Subject: Re: Triggers on columns

Re: Rejecting weak passwords - Mailing list pgsql-hackers

Previous

Next