Re: Rejecting weak passwords
Dave Page <dpage@pgadmin.org>
From: Dave Page <dpage@pgadmin.org>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Greg Stark <gsstark@mit.edu>, Bruce Momjian <bruce@momjian.us>, Magnus Hagander <magnus@hagander.net>, Marko Kreen <markokr@gmail.com>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz <mlortiz@uci.cu>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-14T20:10:38Z
Lists: pgsql-hackers
On Wed, Oct 14, 2009 at 9:00 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Okay, fine, so we're not looking for actual high-grade security, > we're looking to tick off a checkbox in the minds of not terribly > well-informed people. Then the plugin mechanism as currently proposed > will do the job just fine. We do not need to put a whole bunch of > dubious extra infrastructure in there, and we DEFINITELY do not need > anything that can be painted as a backwards step security-wise. Nice exit strategy :-) I said up front this was a box-ticking exercise for these folks, however, rather than just tick the box and move on (meh - who cares if we can store 2009-02-31 - it stores all the valid dates which are the ones that matter :-p ) I prefer to discuss the issue and do the best job we can to make it a practical, usable and useful feature - which is kinda what we usually pride ourselves in doing! -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com