Re: Rejecting weak passwords
| От | Andrew Dunstan |
|---|---|
| Тема | Re: Rejecting weak passwords |
| Дата | |
| Msg-id | 4ADC95BF.7010208@dunslane.net обсуждение исходный текст |
| Ответ на | Re: Rejecting weak passwords (Alvaro Herrera <alvherre@commandprompt.com>) |
| Ответы |
Re: Rejecting weak passwords
|
| Список | pgsql-hackers |
Alvaro Herrera wrote: >> Except that your first statement is false. It is not possible currently >> for any tool to prevent someone from doing ALTER USER joe PASSWORD joe. >> A server-side plugin can provide a guarantee that there are no bad >> passwords (for some value of bad, and with some possible adverse >> consequences). We don't have that today. >> > > We do, if you have you server grabbing passwords from LDAP or whatever > external auth service you use. That would be more secure than anything > mentioned in this thread, because the password enforcement could work on > unencrypted passwords without adverse consequences. > We don't have it today for passwords that postgres manages. Unless we're going to rely on an external auth source completely, I think there's a good case for the hooks, but not for any of the other "adjustments" that people have suggested. cheers andrew
В списке pgsql-hackers по дате отправления: