Re: Rejecting weak passwords

Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>

From: Itagaki Takahiro <itagaki.takahiro@oss.ntt.co.jp>
To: "Albe Laurenz" <laurenz.albe@wien.gv.at>
Cc: "Heikki Linnakangas *EXTERN*" <heikki.linnakangas@enterprisedb.com>, "pgsql-hackers" <pgsql-hackers@postgresql.org>
Date: 2009-11-18T05:51:09Z
Lists: pgsql-hackers
"Albe Laurenz" <laurenz.albe@wien.gv.at> wrote:

> Heikki Linnakangas wrote:
> > I think it would better to add an explicit "isencrypted" parameter to
> > the check_password_hook function, rather than require the module to do
> > isMD5 on the password.
> 
> I agree on the second point, and I changed the patch accordingly.
> Here's the latest version.

Looks good. I change status of the patch to "Ready for Committer".

BTW, it might not be a work for this patch, we also need to
reject too long "VALID UNTIL" setting. If the password is
complex, we should not use the same password for a long time.

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center