Re: Rejecting weak passwords
Albe Laurenz <laurenz.albe@wien.gv.at>
From: "Albe Laurenz" <laurenz.albe@wien.gv.at>
To: "Heikki Linnakangas *EXTERN*" <heikki.linnakangas@enterprisedb.com>
Cc: "Itagaki Takahiro *EXTERN*" <itagaki.takahiro@oss.ntt.co.jp>, "pgsql-hackers" <pgsql-hackers@postgresql.org>
Date: 2009-11-17T12:28:01Z
Lists: pgsql-hackers
Attachments
- pwdcheck-hook.patch (application/octet-stream) patch
- pwdcheck-contrib.patch (application/octet-stream) patch
- pwdcheck-contrib-doc.patch (application/octet-stream) patch
Heikki Linnakangas wrote: > I think it would better to add an explicit "isencrypted" parameter to > the check_password_hook function, rather than require the module to do > isMD5 on the password. Any imaginable check hook will need to know if > the password is in MD5 format, and the backend already knows it (because > it already did that check), it seems good to let the hook function know. > Besides, if we introduce explicit syntax for saying that the supplied > password is plaintext or md5 one day, calling isMD5 in the module will > no longer be appropriate. I agree on the second point, and I changed the patch accordingly. Here's the latest version. Yours, Laurenz Albe