Re: Rejecting weak passwords

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Magnus Hagander <magnus@hagander.net>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-20T13:42:36Z
Lists: pgsql-hackers
Magnus Hagander <magnus@hagander.net> writes:
> 2009/10/19 Tom Lane <tgl@sss.pgh.pa.us>:
>> Now we have a user with name equal to password, which no sane security
>> policy will think is a good thing, but the plugin had no chance to
>> prevent it.

> The big difference is that you need to be superuser to change the name
> of a user, but not to change your own password.

True, but the superuser doesn't necessarily know what the user has
set his password to.

			regards, tom lane