Re: Rejecting weak passwords

Dave Page <dpage@pgadmin.org>

From: Dave Page <dpage@pgadmin.org>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Greg Stark <gsstark@mit.edu>, Bruce Momjian <bruce@momjian.us>, Magnus Hagander <magnus@hagander.net>, Marko Kreen <markokr@gmail.com>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz <mlortiz@uci.cu>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-14T20:10:38Z
Lists: pgsql-hackers
On Wed, Oct 14, 2009 at 9:00 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Okay, fine, so we're not looking for actual high-grade security,
> we're looking to tick off a checkbox in the minds of not terribly
> well-informed people.  Then the plugin mechanism as currently proposed
> will do the job just fine.  We do not need to put a whole bunch of
> dubious extra infrastructure in there, and we DEFINITELY do not need
> anything that can be painted as a backwards step security-wise.

Nice exit strategy :-)

I said up front this was a box-ticking exercise for these folks,
however, rather than just tick the box and move on (meh - who cares if
we can store 2009-02-31 - it stores all the valid dates which are the
ones that matter :-p ) I prefer to discuss the issue and do the best
job we can to make it a practical, usable and useful feature - which
is kinda what we usually pride ourselves in doing!

-- 
Dave Page
EnterpriseDB UK:   http://www.enterprisedb.com