Re: Rejecting weak passwords
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Magnus Hagander <magnus@hagander.net>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-20T13:42:36Z
Lists: pgsql-hackers
Magnus Hagander <magnus@hagander.net> writes: > 2009/10/19 Tom Lane <tgl@sss.pgh.pa.us>: >> Now we have a user with name equal to password, which no sane security >> policy will think is a good thing, but the plugin had no chance to >> prevent it. > The big difference is that you need to be superuser to change the name > of a user, but not to change your own password. True, but the superuser doesn't necessarily know what the user has set his password to. regards, tom lane