Re: Rejecting weak passwords
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: "Albe Laurenz" <laurenz.albe@wien.gv.at>
Cc: "Andrew Dunstan" <andrew@dunslane.net>, "mlortiz" <mlortiz@uci.cu>, "Magnus Hagander" <magnus@hagander.net>, "pgsql-hackers" <pgsql-hackers@postgresql.org>
Date: 2009-09-28T15:38:45Z
Lists: pgsql-hackers
"Albe Laurenz" <laurenz.albe@wien.gv.at> writes: > Tom Lane wrote: >> Actually there's a much bigger problem with asking the backend to reject >> weak passwords: what ya gonna do with a pre-MD5'd string? Which is >> exactly what the backend is going to always get, in a security-conscious >> environment. > I'm thinking of the case where somebody changes his or her > password interactively on the command line, with pgAdmin III, > or similar. People would hardly use the above in that case, Really? If pgAdmin has a password-change function that doesn't use client-side password encryption then somebody should file a bug against it. Sending unencrypted passwords exposes the password at least to the postmaster logfile. createuser has been doing encryption, unless specifically commanded not to, for a long time. regards, tom lane