Re: Rejecting weak passwords
| От | Dave Page |
|---|---|
| Тема | Re: Rejecting weak passwords |
| Дата | |
| Msg-id | 937d27e10910141156v1d7d4acaq5dfa388a0fdc17e8@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Rejecting weak passwords (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Wed, Oct 14, 2009 at 6:08 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Magnus Hagander <magnus@hagander.net> writes: >> On Wed, Oct 14, 2009 at 18:25, Tom Lane <tgl@sss.pgh.pa.us> wrote: >>> Let's see you do that (hint: "CREATD USER ... PASSWORD" is going to >>> throw a syntax error before you realize there's anything there that >>> might need to be protected). > >> I'm unsure if it's our responsibility to think about that. We can leak >> a *lot* of sensitive information to the logs through syntax errors, >> this is just one of them. We *do* need to worry about the statements >> when they are sent properly, of course. > > Even if they're "sent properly", this entire discussion misses the point. > The reason to not want cleartext passwords in the logs is that the user > doesn't trust the DBA. Why would a user who doesn't trust the DBA > want to trust him to not be running a modified copy of the database with > all this nice logic disabled? If you trust him that little, why would you use a password that you also use elsewhere? Besides, if he can run a modified version of the database, its game over anyway. Just set pg_hba.conf's auth method to password, and you don't even have to wait for the user to change their password - you can grab it the next time he logs in. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com
В списке pgsql-hackers по дате отправления: