Re: Rejecting weak passwords
Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
From: Itagaki Takahiro <itagaki.takahiro@oss.ntt.co.jp>
To: "Albe Laurenz" <laurenz.albe@wien.gv.at>
Cc: "Heikki Linnakangas *EXTERN*" <heikki.linnakangas@enterprisedb.com>, "pgsql-hackers" <pgsql-hackers@postgresql.org>
Date: 2009-11-18T05:51:09Z
Lists: pgsql-hackers
"Albe Laurenz" <laurenz.albe@wien.gv.at> wrote: > Heikki Linnakangas wrote: > > I think it would better to add an explicit "isencrypted" parameter to > > the check_password_hook function, rather than require the module to do > > isMD5 on the password. > > I agree on the second point, and I changed the patch accordingly. > Here's the latest version. Looks good. I change status of the patch to "Ready for Committer". BTW, it might not be a work for this patch, we also need to reject too long "VALID UNTIL" setting. If the password is complex, we should not use the same password for a long time. Regards, --- ITAGAKI Takahiro NTT Open Source Software Center