| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Cc: | "Dave Page" <dpage(at)pgadmin(dot)org>, "Andrew Dunstan" <andrew(at)dunslane(dot)net>, "mlortiz" <mlortiz(at)uci(dot)cu>, "Magnus Hagander" <magnus(at)hagander(dot)net>, "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Rejecting weak passwords |
| Date: | 2009-09-29 13:48:46 |
| Message-ID: | 7191.1254232126@sss.pgh.pa.us |
| Lists: | pgsql-hackers |

"Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> writes:
> I thought about it some more, and I think that a password checking
> hook might still be somewhat useful even for MD5-encrypted passwords;
> the function could guess and exclude at least that dreadful
> all-too-frequent case of username = password.

True. You could probably even run through a moderate-size dictionary
of weak passwords, depending on how long you're willing to make the
user wait. (CHECK_FOR_INTERRUPTS inside the loop would be polite ;-))

regards, tom lane
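
The check discussed in this message, sketched as an added example that is not part of the original email or of PostgreSQL's code: given only the MD5-format hash, test the username = password case and then a small dictionary. It relies on PostgreSQL's MD5 storage form (`md5` followed by the hex MD5 of password concatenated with role name); the function names, the sample dictionary and the `budget_s` time limit are hypothetical, with the time limit standing in for the wait-time concern (a C hook would also call CHECK_FOR_INTERRUPTS inside the loop).

```python
import hashlib
import time

# Constructed sample dictionary; a real list would be far longer.
WEAK_PASSWORDS = ["password", "123456", "qwerty", "letmein"]


def pg_md5(password, username):
    """PostgreSQL's MD5 storage form: 'md5' + hex(md5(password || role name))."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def find_weak_guess(username, shadow, dictionary=WEAK_PASSWORDS, budget_s=0.5):
    """Return the guess that reproduces `shadow`, or None if nothing matched.

    The checker receives only the hash, so it cannot inspect the password;
    it hashes candidates salted with the role name and compares.
    """
    if not (shadow.startswith("md5") and len(shadow) == 35):
        raise ValueError("not an MD5-format password hash")

    # The username = password case is one hash, so it always runs.
    if pg_md5(username, username) == shadow:
        return username

    # The dictionary pass is bounded by how long the user may be kept waiting.
    deadline = time.monotonic() + budget_s
    for guess in dictionary:
        if time.monotonic() >= deadline:
            break
        if pg_md5(guess, username) == shadow:
            return guess
    return None


if __name__ == "__main__":
    # Constructed role/password pairs, hashed the way a client would send them.
    for role, pw in [("alice", "alice"), ("bob", "letmein"), ("carol", "k7#Tq9!vRz")]:
        hit = find_weak_guess(role, pg_md5(pw, role))
        print(role, "rejected: guessable" if hit else "accepted")
```

Because the role name is part of the hashed input, every dictionary entry has to be rehashed per role, which is why the cost grows with dictionary size.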