Re: Rejecting weak passwords

Dave Page <dpage@pgadmin.org>

From: Dave Page <dpage@pgadmin.org>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Marko Kreen <markokr@gmail.com>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz <mlortiz@uci.cu>, Magnus Hagander <magnus@hagander.net>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-14T16:16:49Z
Lists: pgsql-hackers
On Wed, Oct 14, 2009 at 5:08 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Dave Page <dpage@pgadmin.org> writes:
>> You've twice asserted it's a reduction without providing any arguments
>> to back that up.
>
> You quoted two good arguments why it's insecure in your original
> message, neither of which your proposed GUC does anything to protect
> against;

I see one, and I proposed masking passwords in any relevant queries
before they were written to the stats or logs to mitigate that.

> and you also admitted that there might be other leakage paths
> we haven't thought of.  That seems to me to be more than sufficient
> reason to not encourage people to go back to passing unencrypted
> passwords around.

Yes. Which is why I asked your opinion as there's a far greater chance
you would know of any such paths than I, *and* whether they represent
a greater risk than the complete lack of control over the
effectiveness of users passwords that we currently have.

-- 
Dave Page
EnterpriseDB UK:   http://www.enterprisedb.com