Re: Rejecting weak passwords
| From | Bruce Momjian |
|---|---|
| Subject | Re: Rejecting weak passwords |
| Date | |
| Msg-id | 200910142207.n9EM7kq08104@momjian.us |
| In reply to | Re: Rejecting weak passwords (Tom Lane <tgl@sss.pgh.pa.us>) |
| Responses | Re: Rejecting weak passwords |
| List | pgsql-hackers |
Tom Lane wrote:
> "Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
> > And, perhaps slightly off topic: if the login password is sent over a
> > non-encrypted stream, md5sum or not, can't someone use it to log in if
> > they're generating their own stream to connect?
>
> Not if they only capture a login exchange --- the password is doubly
> encrypted during that. If they see the md5'd password in a CREATE USER
> command, then yeah, they could pass a subsequent md5 challenge, using
> suitably modified client software that doesn't try to re-encrypt the
> given password.
>
> But the main point is to hide the cleartext password, in any case.

What if we added a GUC that only allowed password changes via an SSL connection. You could say that is a security enhancement, and administrators could set up their systems to use 'password' authentication for SSL and check the password strength on the server because they come in clear-text.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
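The deployment Bruce sketches (cleartext `password` authentication, but only inside SSL) can be expressed with today's `pg_hba.conf` alone; the GUC he proposes is not needed for this part. The fragment below is an added illustration written for this page, not configuration from the thread or from the PostgreSQL project. The `0.0.0.0/0` and `::/0` ranges and the `all`/`all` database and user columns are placeholders to be narrowed to the clients a real server serves.

```conf
# pg_hba.conf (added illustration, not from the thread)
# Rules are matched top to bottom; the first line whose TYPE, DATABASE,
# USER and ADDRESS match a connection decides its authentication METHOD.
#
# TYPE        DATABASE  USER  ADDRESS       METHOD

# Unix-socket connections never cross a network, so no sniffing exposure.
local         all       all                 md5

# Refuse every TCP connection that did not negotiate SSL. With these lines
# first, a cleartext password can never be sent over an unencrypted stream.
# Placeholder ranges: restrict to your actual client networks.
hostnossl     all       all   0.0.0.0/0     reject
hostnossl     all       all   ::/0          reject

# Inside SSL, accept the cleartext 'password' method. The server then sees
# the real password and can apply its strength checks before storing it.
hostssl       all       all   0.0.0.0/0     password
hostssl       all       all   ::/0          password
```

Because all remote sessions are forced onto SSL, `CREATE USER ... PASSWORD` and `ALTER USER ... PASSWORD` statements travel encrypted as well, which addresses the case Tom raises of an observer seeing the md5'd password in a `CREATE USER` command.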