Re: Rejecting weak passwords

Magnus Hagander <magnus@hagander.net>

From: Magnus Hagander <magnus@hagander.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Dave Page <dpage@pgadmin.org>, Albe Laurenz <laurenz.albe@wien.gv.at>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-01T17:12:32Z
Lists: pgsql-hackers
On Thu, Oct 1, 2009 at 19:07, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> On Thu, Oct 1, 2009 at 17:24, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> I agree with the subsequent comments suggesting a sample module that
>>> actually does something useful --- although if it's going to link to
>>> external code like cracklib, it probably is going to have to be on
>>> pgfoundry not in contrib.
>
>> Why is that? we have plenty of other things in contrib that rely on
>> external code, for example the uuid, xml or ssl stuff.
>
> Well, maybe.  I was concerned about availability, portability, license
> compatibility, and so on.  The bar's a lot lower for pgfoundry projects
> on all those points ...

Fair enough. And on the licensing issue.

That said, it would still be good to have something actually *useful*
in contrib. A bit more than just comparing userid and password.
Perhaps at least being able to set the min length, and the requirement
on having >1 "character class"?


-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/