Re: Rejecting weak passwords
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Marko Kreen <markokr@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz <mlortiz@uci.cu>, Magnus Hagander <magnus@hagander.net>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-09-28T18:40:15Z
Lists: pgsql-hackers
On Mon, Sep 28, 2009 at 2:00 PM, Marko Kreen <markokr@gmail.com> wrote: > So promoting the ENCRYPTED 'foo' as "secure" may lure users into > false sense of security, and be lax against sniffing and logfile > protection. ENCRYPTED prevents the user's password from being stolen by a modified server. ...Robert