Re: Rejecting weak passwords
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Dave Page <dpage@pgadmin.org>
Cc: Greg Stark <gsstark@mit.edu>, Bruce Momjian <bruce@momjian.us>, Magnus Hagander <magnus@hagander.net>, Marko Kreen <markokr@gmail.com>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz <mlortiz@uci.cu>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-14T20:25:55Z
Lists: pgsql-hackers
Dave Page <dpage@pgadmin.org> writes: > I said up front this was a box-ticking exercise for these folks, > however, rather than just tick the box and move on (meh - who cares if > we can store 2009-02-31 - it stores all the valid dates which are the > ones that matter :-p ) I prefer to discuss the issue and do the best > job we can to make it a practical, usable and useful feature - which > is kinda what we usually pride ourselves in doing! Well, sure. I just don't want to move backwards on other dimensions in order to move forward on this one. It's fair to argue that support of pre-crypted passwords closes only some holes that can be closed in other ways, but it's equally fair to argue that the limited capability of a plugin that has to check pre-crypted passwords also represents a corner case that can be solved in other ways. regards, tom lane