Re: create trigger in postgres to check the password strength

From: Vladimir Rusinov <vrusinov(at)google(dot)com>
To: PAWAN SHARMA <er(dot)pawanshr0963(at)gmail(dot)com>
Cc: Adam Brusselback <adambrusselback(at)gmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: create trigger in postgres to check the password strength
Date: 2017-02-03 15:58:10
Message-ID: CAE1wr-zmz=pObTuvJe5NQSW7KyT5ECA=X+oe+afDsm1Z3QRZHQ@mail.gmail.com
Lists: pgsql-general

On Fri, Feb 3, 2017 at 3:55 PM, PAWAN SHARMA <er(dot)pawanshr0963(at)gmail(dot)com>
wrote:

>
> On Fri, Feb 3, 2017 at 9:11 PM, Adam Brusselback <
> adambrusselback(at)gmail(dot)com> wrote:
>
>> Whoops, accidentally sent this to only Pawan instead of the list:
>>>
>>>
>> Hey there, so I would highly suggest you avoid arbitrary password
>> strength policies like that. I wrote a library for my company which we use
>> for password strength estimation, but it is written in Java. I've been
>> thinking about how to port it to pl/pgsql so it could easily be packaged as
>> an extension and used natively in Postgres, but I just haven't had time to
>> get around to that yet. Here it is for reference:
>> https://github.com/GoSimpleLLC/nbvcxz
>>
>> If you're actually interested in having an extension which works like the
>> above, and want to work on porting it, I'd be more than happy to jump in
>> and help out where I can. I just don't have the free cycles to do it
>> myself at the moment.
>>
>> Now on to your original question... Why wouldn't it be possible to create
>> a trigger on your users table to check the password being inserted, raise
>> an error if it does not meet your requirement, or hash it if it does and
>> continue the insert? Seems pretty straightforward other than the
>> complexity of actually estimating how secure a password is.
>>
>
>
> Thanks Adam, but here the requirement is to enforce password policies while
> creating the users.
>
> create user abc with password 'Password';
>
> where it will test that the password entered should be according to the
> company standard, while creation of users.
> So please suggest.
>

Consider using PAM authentication where you can insert any of the already
existing password strength checks.
Or, maybe, LDAP auth where stuff will be enforced by the LDAP server.

--
Vladimir Rusinov
Storage SRE, Google Ireland
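
The trigger approach described in Adam Brusselback's quoted reply above (check the password on insert, raise an error or hash it and continue), as an added example that is not part of the original thread. The table, function and trigger names and the length rule are assumptions made for illustration; hashing uses the pgcrypto extension.

```sql
-- Constructed example: table, function and trigger names are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- provides crypt() and gen_salt()

CREATE TABLE app_users (
    username text PRIMARY KEY,
    password text NOT NULL                 -- holds only the bcrypt hash once the trigger has run
);

CREATE OR REPLACE FUNCTION app_users_password_guard() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    -- On UPDATE, leave the stored hash alone when the column is unchanged,
    -- so an existing hash is never hashed a second time.
    IF TG_OP = 'UPDATE' AND NEW.password IS NOT DISTINCT FROM OLD.password THEN
        RETURN NEW;
    END IF;

    -- Placeholder policy (an assumption; the thread does not define one).
    IF char_length(NEW.password) < 12 THEN
        RAISE EXCEPTION 'password must be at least 12 characters'
            USING ERRCODE = 'check_violation';
    END IF;
    IF lower(NEW.password) = lower(NEW.username) THEN
        RAISE EXCEPTION 'password must differ from the user name'
            USING ERRCODE = 'check_violation';
    END IF;

    -- Accepted: replace the plaintext with a salted bcrypt hash before it is stored.
    NEW.password := crypt(NEW.password, gen_salt('bf', 10));
    RETURN NEW;
END;
$$;

CREATE TRIGGER app_users_password_guard
    BEFORE INSERT OR UPDATE OF password ON app_users
    FOR EACH ROW EXECUTE PROCEDURE app_users_password_guard();

-- Rejected by the length check:
--   INSERT INTO app_users VALUES ('abc', 'Password');
-- Accepted and stored hashed:
INSERT INTO app_users VALUES ('abc', 'correct horse battery staple');

-- Login check: crypt() re-hashes the candidate using the salt in the stored value.
SELECT username FROM app_users
 WHERE username = 'abc'
   AND password = crypt('correct horse battery staple', password);
```

The plaintext reaches the server inside the statement text, so it can show up in statement logs if those are enabled. A trigger like this covers only an application table; roles created with `create user ... with password` are stored in a system catalog, where user triggers cannot be attached.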
