Re: Query on User account password change details

On 5/7/21 7:30 AM, Scott Ribe wrote:
>> On May 6, 2021, at 11:40 PM, Ron <ronljohnsonjr@gmail.com> wrote:
>>
>> Comments like this are indicative of someone who's never been through an external audit.
> While maybe true, the point stands that even the original source of the requirement has admitted it's a bad idea, and
standardsbodies are dropping it. So, unlike many other things we might consider pointless, with this one, you have the
kindof defense that might work in an audit.
 

The problem is that Postgresql allows Really Short Passwords without 
uttering a peep, and that's not defensible to an auditor.

psql (12.5 (Ubuntu 12.5-1.pgdg18.04+1))
Type "help" for help.

postgres=# create role foo password 'a';
CREATE ROLE
postgres=#


-- 
Angular momentum makes the world go 'round.