| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | Greg Stark <gsstark(at)mit(dot)edu>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Marko Kreen <markokr(at)gmail(dot)com>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, Andrew Dunstan <andrew(at)dunslane(dot)net>, mlortiz <mlortiz(at)uci(dot)cu>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-10-14 20:25:55 |
| Message-ID: | 3043.1255551955@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Dave Page <dpage(at)pgadmin(dot)org> writes:
> I said up front this was a box-ticking exercise for these folks,
> however, rather than just tick the box and move on (meh - who cares if
> we can store 2009-02-31 - it stores all the valid dates which are the
> ones that matter :-p ) I prefer to discuss the issue and do the best
> job we can to make it a practical, usable and useful feature - which
> is kinda what we usually pride ourselves in doing!
Well, sure. I just don't want to move backwards on other dimensions
in order to move forward on this one. It's fair to argue that support
of pre-crypted passwords closes only some holes that can be closed in
other ways, but it's equally fair to argue that the limited capability
of a plugin that has to check pre-crypted passwords also represents a
corner case that can be solved in other ways.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2009-10-14 20:50:46 | Re: Rejecting weak passwords |
| Previous Message | Rod Taylor | 2009-10-14 20:21:41 | Could regexp_matches be immutable? |