Re: Rejecting weak passwords

From: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>
To: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
Cc: Itagaki Takahiro *EXTERN* <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Rejecting weak passwords
Date: 2009-11-17 11:41:14
Message-ID: 4B028BDA.9080005@enterprisedb.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I think it would better to add an explicit "isencrypted" parameter to
the check_password_hook function, rather than require the module to do
isMD5 on the password. Any imaginable check hook will need to know if
the password is in MD5 format, and the backend already knows it (because
it already did that check), it seems good to let the hook function know.
Besides, if we introduce explicit syntax for saying that the supplied
password is plaintext or md5 one day, calling isMD5 in the module will
no longer be appropriate.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Albe Laurenz 2009-11-17 12:28:01 Re: Rejecting weak passwords
Previous Message Dimitri Fontaine 2009-11-17 11:00:14 Re: actualised funcs typmod patch