From: | PAWAN SHARMA <er(dot)pawanshr0963(at)gmail(dot)com> |
---|---|
To: | Adam Brusselback <adambrusselback(at)gmail(dot)com> |
Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: create trigger in postgres to check the password strength |
Date: | 2017-02-03 15:55:20 |
Message-ID: | CAPgXFMQFMBEaWwJk-PPHbNq9xwao_bvxj-BEO-VLyenNp-=WgQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Fri, Feb 3, 2017 at 9:11 PM, Adam Brusselback <adambrusselback(at)gmail(dot)com>
wrote:
> Whoops, accidentally sent this to only Pawan instead of the list:
>>
>>
> Hey there, so I would highly suggest you avoid arbitrary password strength
> policies like that. I wrote a library for my company which we use for
> password strength estimation, but it is written in Java. I've been
> thinking about how to port it to pl/pgsql so it could easily be packaged as
> an extension and used natively in Postgres, but I just haven't had time to
> get around to that yet. Here it is for reference: https://github.com/
> GoSimpleLLC/nbvcxz
>
> If you're actually interested in having an extension which works like the
> above, and want to work on porting it, i'd be more than happy to jump in
> and help out where I can. I just don't have the free cycles to do it my
> self at the moment.
>
> Now on to your original question...Why wouldn't it be possible to create a
> trigger on your users table to check the password being inserted, raise an
> error if it does not meet your requirement, or hash it if it does and
> continue the insert? Seems pretty straight forward other than the
> complexity of actually estimating how secure a password is.
>
Thanks Adam, but here the requirement to enforce password polices while
creating to the users.
create user abc with password 'Password';
where it will test that the password entered should be according to the
company standard, while creation of users.
So please suggest.
From | Date | Subject | |
---|---|---|---|
Next Message | Vladimir Rusinov | 2017-02-03 15:58:10 | Re: create trigger in postgres to check the password strength |
Previous Message | Adam Brusselback | 2017-02-03 15:41:23 | Re: create trigger in postgres to check the password strength |