From: | Dave Page <dpage(at)pgadmin(dot)org> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Marko Kreen <markokr(at)gmail(dot)com>, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, Andrew Dunstan <andrew(at)dunslane(dot)net>, mlortiz <mlortiz(at)uci(dot)cu>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Rejecting weak passwords |
Date: | 2009-10-14 15:44:27 |
Message-ID: | 937d27e10910140844v4bc96cd8r33cddcd3a12bf795@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Oct 14, 2009 at 4:30 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Dave Page <dpage(at)pgadmin(dot)org> writes:
>> On Wed, Oct 14, 2009 at 4:11 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> If you're really intent on making that happen, you can have your
>>> password checker plugin reject crypted passwords; we don't need
>>> such a questionable rule in core.
>
>> Client software would need to have a standard way to know when to use
>> ENCRYPTED PASSWORD or not.
>
> Oh, so you want us to propagate extra support for this blatant security
> reduction all over the system too? No thank you.
You've twice asserted it's a reduction without providing any arguments
to back that up. I argue that you *possibly* open a very hard to
exploit hole, which is exploitable only by sysadmins/DBAs, in return
for which you close a very large hole that allows users to reuse
passwords or use common or easy to guess words.
If I am incorrect or have missed an important point, please explain why or what.
> This whole line of discussion just proves the point that was made
> originally: it would be a lot better to do whatever checking you want
> done on the client side, rather than risk transmitting unencrypted
> passwords. If you are going to imagine that client-side software knows
> about such a GUC, you might as well imagine that they have cracklib
> built in.
Surely you can see that it is *absolutely pointless* to put an
password complexity checking in the client? All a user would need to
do is grab a copy of psql to bypass it. If they can't do that, there's
probably a scripting language or 12 that would make it similarly easy.
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2009-10-14 15:53:06 | Re: Rejecting weak passwords |
Previous Message | Marko Kreen | 2009-10-14 15:32:08 | Re: Rejecting weak passwords |