Home > mailing lists

Re: Rejecting weak passwords - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Rejecting weak passwords
Date	October 20, 2009 14:07:51
Msg-id	603c8f070910200707r7dfd75f6kdbc7f46c0998d763@mail.gmail.com Whole thread Raw
In response to	Re: Rejecting weak passwords (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

On Tue, Oct 20, 2009 at 9:42 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> 2009/10/19 Tom Lane <tgl@sss.pgh.pa.us>:
>>> Now we have a user with name equal to password, which no sane security
>>> policy will think is a good thing, but the plugin had no chance to
>>> prevent it.
>
>> The big difference is that you need to be superuser to change the name
>> of a user, but not to change your own password.
>
> True, but the superuser doesn't necessarily know what the user has
> set his password to.

Yeah, but I'm not sure this case is worth worrying about.  People who
actually care password security are likely to have checks that are
substantially stronger than "!= username".

...Robert

pgsql-hackers by date:

From: "Greg Sabino Mullane"
Date: 20 October 2009, 14:07:45
Subject: Re: Could postgres be much cleaner if a future release skipped backward compatibility?

From: Robert Haas
Date: 20 October 2009, 14:15:15
Subject: Re: Could postgres be much cleaner if a future release skipped backward compatibility?

Re: Rejecting weak passwords - Mailing list pgsql-hackers

Previous

Next