Home > mailing lists

Re: Rejecting weak passwords - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Rejecting weak passwords
Date	September 29, 2009 13:49:03
Msg-id	7191.1254232126@sss.pgh.pa.us Whole thread Raw
In response to	Re: Rejecting weak passwords ("Albe Laurenz" <laurenz.albe@wien.gv.at>)
Responses	Re: Rejecting weak passwords
List	pgsql-hackers

Tree view

"Albe Laurenz" <laurenz.albe@wien.gv.at> writes:
> I thought about it some more, and I think that a password checking
> hook might still be somewhat useful even for MD5-encrypted passwords;
> the function could guess and exclude at least that dreadful
> all-too-frequent case of username = password.

True.  You could probably even run through a moderate-size dictionary
of weak passwords, depending on how long you're willing to make the
user wait.  (CHECK_FOR_INTERRUPTS inside the loop would be polite ;-))
        regards, tom lane

pgsql-hackers by date:

From: Robert Haas
Date: 29 September 2009, 13:42:12
Subject: Re: [PATCH] Reworks for Access Control facilities (r2311)

From: Jim Cox
Date: 29 September 2009, 13:58:21
Subject: Re: [PATCH] 8.5 TODO: Add comments to output indicating version of pg_dump and of the database server

Re: Rejecting weak passwords - Mailing list pgsql-hackers

Previous

Next