Re: Rejecting weak passwords

mark@mark.mielke.cc

From: Mark Mielke <mark@mark.mielke.cc>
To: Peter Eisentraut <peter_e@gmx.net>
Cc: Magnus Hagander <magnus@hagander.net>, Tom Lane <tgl@sss.pgh.pa.us>, Dave Page <dpage@pgadmin.org>, Marko Kreen <markokr@gmail.com>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz <mlortiz@uci.cu>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-14T22:30:16Z
Lists: pgsql-hackers
On 10/14/2009 06:25 PM, Peter Eisentraut wrote:
> On Wed, 2009-10-14 at 18:38 +0200, Magnus Hagander wrote:
>    
>> So throwing out a wild idea that's probably just wild enough to even
>> consider, but one way to deal with the logging side of things would be
>> to deprecate/remove ALTER USER/CREATE USER with password, and add a
>> separate API call. With a separate wire protocol packet. That would
>> certainly take care of the logging part ;)
>>      
> I think that would be the correct fix.
>    

Yep. +1. If we are really so paranoid.

Cheers,
mark

-- 
Mark Mielke<mark@mielke.cc>