Re: password administration

From: Craig James <craig_james(at)emolecules(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: password administration
Date: 2010-08-05 20:20:53
Message-ID: 4C5B1D25.2060906@emolecules.com
Lists: pgsql-admin

On 8/5/10 12:58 PM, Mark Steben wrote:
> I would like to set up a facility that enforces password changes for roles
> after a predefined period (30 days for instance) when logging into psql
> or, at the very least, send an email out to notify that your current
> password period is about to expire. Preferably, I'd like to use
> the 'rolvaliduntil' column in pg_roles.
>
> I'm wondering if there is an app inside or outside of postgres
> that I can use or do I have to design from scratch.

This is an off-topic response, but security experts have said that this is a REALLY bad idea. It forces people to choose a new password, which means they can't remember it. So what do they do? They write it down. Anyone snooping around their office can find it.

Besides, when a password is stolen, it's usually used within minutes. Making everyone change every month does no good at all.

A better solution is to implement a password-strength algorithm and require people to select decent passwords to begin with.

Craig
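The two approaches discussed in this thread, a notification based on `rolvaliduntil` and a strength check applied when a password is set, as an added example that is not part of the thread and not PostgreSQL's own code (server-side, the `passwordcheck` contrib module is where such a rule would hook in). The thresholds, the short blocklist and the sample rows are constructed assumptions; `check_password`, `estimate_entropy_bits` and `roles_expiring_within` are hypothetical names:

```python
import math
import re
from datetime import date

# Policy thresholds: assumptions for this example, tune them to your environment.
MIN_LENGTH = 12
MIN_ENTROPY_BITS = 50

# Constructed blocklist; a real deployment loads a large list of breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "postgres"}


def estimate_entropy_bits(password: str) -> float:
    """Upper-bound entropy estimate: length * log2(size of the character classes used).

    It assumes uniformly random selection, so it is useful only for rejecting weak
    passwords, never for certifying strong ones.
    """
    charset = 0
    if re.search(r"[a-z]", password):
        charset += 26
    if re.search(r"[A-Z]", password):
        charset += 26
    if re.search(r"[0-9]", password):
        charset += 10
    if re.search(r"[^A-Za-z0-9]", password):
        charset += 33  # printable ASCII punctuation
    return len(password) * math.log2(charset) if charset else 0.0


def check_password(password: str, username: str) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password blocklist")
    if username and username.lower() in lowered:
        problems.append("contains the role name")
    if re.fullmatch(r"(.)\1*", password):
        problems.append("is a single repeated character")
    if estimate_entropy_bits(password) < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy below {MIN_ENTROPY_BITS} bits")
    return problems


# The query that would produce the rows below: pg_roles exposes rolname and
# rolvaliduntil (both named in the thread); NULL means the password never expires.
EXPIRY_QUERY = """
SELECT rolname, rolvaliduntil
  FROM pg_roles
 WHERE rolvaliduntil IS NOT NULL
   AND rolvaliduntil <= now() + interval '7 days'
"""


def roles_expiring_within(rows, today: date, days: int) -> list:
    """Filter (rolname, rolvaliduntil) rows to those whose validity ends within
    `days` of `today`, including ones that have already lapsed.

    Returns (rolname, days_left) pairs, soonest first, ready for a notification job.
    """
    result = []
    for rolname, valid_until in rows:
        if valid_until is None:
            continue
        days_left = (valid_until - today).days
        if days_left <= days:
            result.append((rolname, days_left))
    return sorted(result, key=lambda r: r[1])


# Constructed sample rows in the shape the query above returns (valid-until as dates).
SAMPLE_ROLES = [
    ("alice", date(2010, 8, 10)),
    ("bob", None),
    ("carol", date(2010, 9, 30)),
    ("dave", date(2010, 8, 1)),
]

if __name__ == "__main__":
    for pw in ("password", "aaaaaaaaaaaa", "Tr0ub4dor&3-horse-battery"):
        print(repr(pw), "->", check_password(pw, "alice") or "ok")
    for rolname, days_left in roles_expiring_within(SAMPLE_ROLES, date(2010, 8, 5), 7):
        print(f"{rolname}: {days_left} day(s) left")
```

The strength check runs wherever passwords are set (an account-provisioning script, a web front end, or a server-side hook); the expiry report is what a daily cron job would run before sending the warning mail the original question asks for, and it deliberately includes roles whose date has already passed, since those are the ones most likely to generate support calls.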
