Re: Rejecting weak passwords
Magnus Hagander <magnus@hagander.net>
From: Magnus Hagander <magnus@hagander.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Dave Page <dpage@pgadmin.org>, Albe Laurenz <laurenz.albe@wien.gv.at>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2009-10-01T17:12:32Z
Lists: pgsql-hackers
On Thu, Oct 1, 2009 at 19:07, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Magnus Hagander <magnus@hagander.net> writes: >> On Thu, Oct 1, 2009 at 17:24, Tom Lane <tgl@sss.pgh.pa.us> wrote: >>> I agree with the subsequent comments suggesting a sample module that >>> actually does something useful --- although if it's going to link to >>> external code like cracklib, it probably is going to have to be on >>> pgfoundry not in contrib. > >> Why is that? we have plenty of other things in contrib that rely on >> external code, for example the uuid, xml or ssl stuff. > > Well, maybe. I was concerned about availability, portability, license > compatibility, and so on. The bar's a lot lower for pgfoundry projects > on all those points ... Fair enough. And on the licensing issue. That said, it would still be good to have something actually *useful* in contrib. A bit more than just comparing userid and password. Perhaps at least being able to set the min length, and the requirement on having >1 "character class"? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/