Re: Rejecting weak passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>
Cc: "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "Heikki Linnakangas *EXTERN*" <heikki(dot)linnakangas(at)enterprisedb(dot)com>, "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Rejecting weak passwords
Date: 2009-11-18 20:05:34
Message-ID: 24704.1258574734@sss.pgh.pa.us
Lists: pgsql-hackers

Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> writes:
> BTW, it might not be a work for this patch, we also need to
> reject too long "VALID UNTIL" setting. If the password is
> complex, we should not use the same password for a long time.

This is a good point --- people who have password strength policies
tend to want a limited usage period as well. It's even conceivable
that you could have different allowed lifespans depending on how
strong the password is. I suggest we alter the hook signature to pass
it the valuntil time along with the other parameters it's already
getting, and let the one hook enforce policies for both.

I'm reviewing the patch now, and barring objections will make this
change before committing.

regards, tom lane
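
The single-hook idea discussed in this message, modelled as a stand-alone C function. This is an added example, not PostgreSQL code and not the patch under review; the function names, result codes and the length and lifespan thresholds are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>
#include <time.h>

/* Hypothetical result codes for this example; not PostgreSQL's. */
typedef enum { POLICY_OK, POLICY_WEAK_PASSWORD,
               POLICY_NO_EXPIRY, POLICY_LIFESPAN_TOO_LONG } policy_result;

#define DAY 86400L   /* seconds per day */

/* Count which of four character classes appear in the password. */
static int char_classes(const char *pw)
{
    bool lower = false, upper = false, digit = false, other = false;
    for (; *pw; pw++) {
        unsigned char c = (unsigned char) *pw;
        if (islower(c)) lower = true;
        else if (isupper(c)) upper = true;
        else if (isdigit(c)) digit = true;
        else other = true;
    }
    return lower + upper + digit + other;
}

/* Allowed lifespan in seconds; 0 means the password is rejected outright.
 * Thresholds are assumed values, not taken from the thread. */
static long max_lifespan(const char *username, const char *password)
{
    size_t len = strlen(password);
    int classes = char_classes(password);
    /* Skip the containment test for an empty name: strstr would always match. */
    if (len < 8 || classes < 2
        || (username[0] != '\0' && strstr(password, username) != NULL))
        return 0;
    return (len >= 16 && classes >= 3) ? 365 * DAY : 90 * DAY;
}

/* One entry point sees both the password and the VALID UNTIL time,
 * so strength and lifespan are judged together. */
policy_result check_password_policy(const char *username, const char *password,
                                    bool valuntil_null, time_t valuntil, time_t now)
{
    long limit = max_lifespan(username, password);
    if (limit == 0) return POLICY_WEAK_PASSWORD;
    if (valuntil_null) return POLICY_NO_EXPIRY;
    if (difftime(valuntil, now) > (double) limit) return POLICY_LIFESPAN_TOO_LONG;
    return POLICY_OK;
}
```

A stronger password earns a longer permitted lifespan, and a password with no expiry at all is refused even when it is strong.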
