Re: Rejecting weak passwords
From | Bruce Momjian |
---|---|
Subject | Re: Rejecting weak passwords |
Date | |
Msg-id | 200910200408.n9K48Wd23470@momjian.us |
In reply to | Re: Rejecting weak passwords (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |
Tom Lane wrote:
> "Albe Laurenz" <laurenz.albe@wien.gv.at> writes:
> > Bruce Momjian wrote:
> >> Password checks might include password complexity or non-reuse of
> >> passwords. This facility will require the client to send the password to
> >> the server in plain-text, so SSL and 'password' authentication is
> >> necessary to use this features.
>
> > So in my opinion that should be:
> > This facility will require to send new and changed password to
> > the server in plain-text, so it will require SSL, and the use
> > of encrypted passwords in CREATE/ALTER ROLE will have to be
> > disabled.
>
> Actually, not one word of *either* version should be in TODO. All of
> that is speculation about policies that a particular add-on module
> might or might not choose to enforce.

Agreed, updated:

|Allow server-side enforcement of password policies|Password checks might include password complexity or non-reuse of
passwords. This facility will require the client to send password
creation/changes to the server in plain-text, not MD5.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
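Why the TODO entry says "plain-text, not MD5", as an added example that is not part of the original message or of PostgreSQL's code: a server-side check can apply a full policy to a plain-text password, but on a client-hashed value (PostgreSQL's `md5` + md5(password || role name) form) it can only hash candidate passwords and compare. The function names, the sample policy thresholds and the guess list are assumptions made for illustration.

```python
import hashlib
import re

# Shape of a password the client already hashed: "md5" + 32 hex digits.
MD5_FORM = re.compile(r"md5[0-9a-f]{32}")


def pg_md5(password, role):
    """PostgreSQL's pre-hashed form: 'md5' + md5(password || role name)."""
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()


def check_password(role, received, guesses=()):
    """Hypothetical policy check on the string sent with CREATE/ALTER ROLE.

    Returns (accepted, reason). The thresholds below are sample policy
    values chosen for this example, not anything the thread specifies.
    """
    if MD5_FORM.fullmatch(received):
        # Client hashed the password: length and character classes cannot
        # be recovered. The only test left is hashing candidate passwords
        # (the role name, a short wordlist) and comparing the result.
        for guess in (role, *guesses):
            if pg_md5(guess, role) == received:
                return False, "pre-hashed password matches a known weak value"
        return True, "pre-hashed: complexity not verifiable"

    # Plain text: the full policy can be applied.
    if len(received) < 8:
        return False, "shorter than 8 characters"
    if role.lower() in received.lower():
        return False, "contains the role name"
    if not (re.search(r"[A-Za-z]", received)
            and re.search(r"[^A-Za-z]", received)):
        return False, "needs letters and non-letters"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: the same weak password "abc" is rejected
    # in plain text but passes once the client has hashed it.
    print(check_password("alice", "abc"))
    print(check_password("alice", pg_md5("abc", "alice")))
    print(check_password("alice", pg_md5("alice", "alice")))
    print(check_password("alice", "correct horse 42"))
```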