Re: Rejecting weak passwords

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: "Albe Laurenz" <laurenz.albe@wien.gv.at>
Cc: "Andrew Dunstan" <andrew@dunslane.net>, "mlortiz" <mlortiz@uci.cu>, "Magnus Hagander" <magnus@hagander.net>, "pgsql-hackers" <pgsql-hackers@postgresql.org>
Date: 2009-09-28T15:38:45Z
Lists: pgsql-hackers
"Albe Laurenz" <laurenz.albe@wien.gv.at> writes:
> Tom Lane wrote:
>> Actually there's a much bigger problem with asking the backend to reject
>> weak passwords: what ya gonna do with a pre-MD5'd string?  Which is
>> exactly what the backend is going to always get, in a security-conscious
>> environment.

> I'm thinking of the case where somebody changes his or her
> password interactively on the command line, with pgAdmin III,
> or similar. People would hardly use the above in that case,

Really?  If pgAdmin has a password-change function that doesn't use
client-side password encryption then somebody should file a bug against
it.  Sending unencrypted passwords exposes the password at least to the
postmaster logfile.  createuser has been doing encryption, unless
specifically commanded not to, for a long time.

			regards, tom lane