| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Dave Page <dpage(at)pgadmin(dot)org>, Marko Kreen <markokr(at)gmail(dot)com>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, Andrew Dunstan <andrew(at)dunslane(dot)net>, mlortiz <mlortiz(at)uci(dot)cu>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-14 22:12:50 |
| Message-ID: | 1255558370.22713.4.camel@vanquo.pezone.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 2009-10-14 at 12:59 -0400, Tom Lane wrote:
> If psql or pgAdmin takes a password and
> then sends it in the clear without telling me, that's a breach of
> trust
> with potentially serious consequences. I might not trust the DBA, for
> example, or I might be less confident of the network infrastructure
> than he is.
Well, you would lose anyway if the DBA switches the pg_hba.conf setting
from md5 to password without telling you. There is usually no
straightforward way in client applications to guard against that.
Something to think about.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-10-14 22:16:46 | Re: Triggers on columns |
| Previous Message | Bruce Momjian | 2009-10-14 22:07:45 | Re: Rejecting weak passwords |