Re: Rejecting weak passwords
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Dave Page <dpage@pgadmin.org>
Cc: Marko Kreen <markokr@gmail.com>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz <mlortiz@uci.cu>, Magnus Hagander <magnus@hagander.net>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-14T16:08:34Z
Lists: pgsql-hackers
Dave Page <dpage@pgadmin.org> writes: > You've twice asserted it's a reduction without providing any arguments > to back that up. You quoted two good arguments why it's insecure in your original message, neither of which your proposed GUC does anything to protect against; and you also admitted that there might be other leakage paths we haven't thought of. That seems to me to be more than sufficient reason to not encourage people to go back to passing unencrypted passwords around. regards, tom lane