Re: Rejecting weak passwords
From | Ing. Marcos L. Ortíz Valmaseda |
---|---|
Subject | Re: Rejecting weak passwords |
Date | |
Msg-id | 4AC0B798.3040004@uci.cu |
In reply to | Re: Rejecting weak passwords (Andrew Dunstan <andrew@dunslane.net>) |
Responses | Re: Rejecting weak passwords, Re: Rejecting weak passwords |
List | pgsql-hackers |
Andrew Dunstan wrote:
>
>
> Albe Laurenz wrote:
>> Dear hackers,
>>
>> I have been thinking about ways to have PostgreSQL reject
>> weak passwords.
>>
>> I think the standard recommendation is "use PAM and LDAP",
>> but that requires the user to change the password outside
>> of PostgreSQL. And who would want to setup and maintain an
>> LDAP server just for this?
>>
>> Since everybody has different ideas what is a good password,
>> there should be some way to configure that. I've looked at
>> how Oracle does it, and they simply let you write a
>> stored procedure that throws an exception if it doesn't
>> like the password.
>> Since users are on cluster level and functions live in
>> databases, that won't work in PostgreSQL.
>>
>> I have come up with an idea or two and like to hear your
>> opinion.
>>
>> 1) One could have a set of GUCs like min_password_length,
>> min_password_nonchars and similar that everybody
>> could configure. This is not extremely flexible though.
>> 2) Another idea would be a GUC that contains a regular
>> expression that a password may *not* match.
>> Perhaps that's too limiting too.
>> 3) I have also considered a GUC that points to a loadable
>> module that performs the password check if set.
>>
>>
>>
>
> My vote is for #3, if anything.
>
> cheers
>
> andrew
>

You have to analyze all points before doing this. I vote too for the third option, but you have to be clear about how you'll check the weakness of the password:

1- For example: the length should be greater than 6 chars.
2- The password should have a combination of numbers, letters and other dots.

Things like that you have to think through very well, or ask the list which are the best options.

I think the same about the PAM and LDAP auth.

Regards

--
"DBAs must implement decisions based on the best fit of the application, DBMS, and platform ......for that reason.......I use PostgreSQL + Linux"

Ing. Marcos L. Ortiz Valmaseda
Línea Soporte y Despliegue
Centro de Tecnologías de Almacenamiento y Análisis de Datos (CENTALAD)
Linux User # 418229
PostgreSQL User
http://www.postgresql.org
http://www.planetpostgresql.org/
http://www.postgresql-es.org/
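
As an added illustration, not code from this thread or from PostgreSQL: the kind of check a loadable module (option 3) could run, using the rules named in the reply (length greater than 6; letters, numbers and other characters). The struct, the function name and the reading of `min_password_nonchars` as a count of non-letter characters are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical settings; the first two are named after the GUCs in option 1. */
typedef struct {
    size_t min_password_length;   /* minimum total length */
    size_t min_password_nonchars; /* assumed meaning: minimum non-letter count */
    int    require_mix;           /* require at least one letter and one digit */
} password_policy;

/* Returns NULL if acceptable, else a static string naming the failed rule. */
const char *check_password(const password_policy *pol, const char *password)
{
    size_t len = 0, letters = 0, digits = 0, others = 0;

    if (password == NULL)
        return "password is missing";
    for (const unsigned char *p = (const unsigned char *) password; *p; p++) {
        len++;
        if (isalpha(*p))
            letters++;
        else if (isdigit(*p))
            digits++;
        else
            others++;               /* punctuation, spaces, non-ASCII bytes */
    }
    if (len < pol->min_password_length)
        return "password is too short";
    if (pol->require_mix && letters == 0)
        return "password must contain a letter";
    if (pol->require_mix && digits == 0)
        return "password must contain a digit";
    if (digits + others < pol->min_password_nonchars)
        return "password has too few non-letter characters";
    return NULL;
}

int main(void)
{
    /* "Greater than 6 characters" from the reply means a minimum of 7. */
    const password_policy pol = { 7, 2, 1 };
    const char *samples[] = { "abc12", "abcdefgh", "abcdef1." }; /* constructed */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *why = check_password(&pol, samples[i]);
        printf("%-10s %s\n", samples[i], why ? why : "accepted");
    }
    return 0;
}
```
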