Re: Rejecting weak passwords

Albe Laurenz <laurenz.albe@wien.gv.at>

From: "Albe Laurenz" <laurenz.albe@wien.gv.at>
To: "Heikki Linnakangas *EXTERN*" <heikki.linnakangas@enterprisedb.com>
Cc: "Itagaki Takahiro *EXTERN*" <itagaki.takahiro@oss.ntt.co.jp>, "pgsql-hackers" <pgsql-hackers@postgresql.org>
Date: 2009-11-17T12:28:01Z
Lists: pgsql-hackers

Attachments

Heikki Linnakangas wrote:
> I think it would better to add an explicit "isencrypted" parameter to
> the check_password_hook function, rather than require the module to do
> isMD5 on the password. Any imaginable check hook will need to know if
> the password is in MD5 format, and the backend already knows it (because
> it already did that check), it seems good to let the hook function know.
> Besides, if we introduce explicit syntax for saying that the supplied
> password is plaintext or md5 one day, calling isMD5 in the module will
> no longer be appropriate.

I agree on the second point, and I changed the patch accordingly.

Here's the latest version.

Yours,
Laurenz Albe