Re: Rejecting weak passwords

Peter Eisentraut <peter_e@gmx.net> writes:
> On Mon, 2009-10-19 at 14:54 +0200, Albe Laurenz wrote:
>> I guess I misunderstood something there, but I had assumed that the
>> checkbox item read something like: "Does the product offer password
>> policy enforcement?" (to quote Dave Page).

> The answer to that is currently "Yes, with external tools".  Using the
> plugin approach, the answer will remain "Yes, with external tools".  So
> we wouldn't gain much.

Except that your first statement is false.  It is not possible currently
for any tool to prevent someone from doing ALTER USER joe PASSWORD joe.
A server-side plugin can provide a guarantee that there are no bad
passwords (for some value of bad, and with some possible adverse
consequences).  We don't have that today.
        regards, tom lane