Home > mailing lists

Re: Rejecting weak passwords - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Rejecting weak passwords
Date	October 19, 2009 14:31:36
Msg-id	4848.1255962605@sss.pgh.pa.us Whole thread Raw
In response to	Re: Rejecting weak passwords ("Albe Laurenz" <laurenz.albe@wien.gv.at>)
Responses	Re: Rejecting weak passwords
List	pgsql-hackers

Tree view

"Albe Laurenz" <laurenz.albe@wien.gv.at> writes:
> Bruce Momjian wrote:
>> Password checks might include password complexity or non-reuse of
>> passwords. This facility will require the client to send the password to
>> the server in plain-text, so SSL and 'password' authentication is
>> necessary to use this features.

> So in my opinion that should be:
> This facility will require to send new and changed password to
> the server in plain-text, so it will require SSL, and the use
> of encrypted passwords in CREATE/ALTER ROLE will have to be
> disabled.

Actually, not one word of *either* version should be in TODO.  All of
that is speculation about policies that a particular add-on module
might or might not choose to enforce.
        regards, tom lane

pgsql-hackers by date:

From: Marko Tiikkaja
Date: 19 October 2009, 14:30:09
Subject: Re: Writeable CTEs and side effects

From: Stephen Frost
Date: 19 October 2009, 14:33:57
Subject: Re: Application name patch - v2

Re: Rejecting weak passwords - Mailing list pgsql-hackers

Previous

Next