Re: create trigger in postgres to check the password strength

On Fri, Feb 3, 2017 at 9:11 PM, Adam Brusselback <adambrusselback(at)gmail(dot)com>
wrote:

> Whoops, accidentally sent this to only Pawan instead of the list:
>>
>>
> Hey there, so I would highly suggest you avoid arbitrary password strength
> policies like that. I wrote a library for my company which we use for
> password strength estimation, but it is written in Java. I've been
> thinking about how to port it to pl/pgsql so it could easily be packaged as
> an extension and used natively in Postgres, but I just haven't had time to
> get around to that yet. Here it is for reference: https://github.com/
> GoSimpleLLC/nbvcxz
>
> If you're actually interested in having an extension which works like the
> above, and want to work on porting it, i'd be more than happy to jump in
> and help out where I can. I just don't have the free cycles to do it my
> self at the moment.
>
> Now on to your original question...Why wouldn't it be possible to create a
> trigger on your users table to check the password being inserted, raise an
> error if it does not meet your requirement, or hash it if it does and
> continue the insert? Seems pretty straight forward other than the
> complexity of actually estimating how secure a password is.
>

Thanks Adam, but here the requirement to enforce password polices while
creating to the users.

create user abc with password 'Password';

where it will test that the password entered should be according to the
company standard, while creation of users.
So please suggest.