Re: Rejecting weak passwords

Albe Laurenz <laurenz.albe@wien.gv.at>

From: "Albe Laurenz" <laurenz.albe@wien.gv.at>
To: "Tom Lane *EXTERN*" <tgl@sss.pgh.pa.us>, "Itagaki Takahiro" <itagaki.takahiro@oss.ntt.co.jp>
Cc: "Heikki Linnakangas *EXTERN*" <heikki.linnakangas@enterprisedb.com>, "pgsql-hackers" <pgsql-hackers@postgresql.org>
Date: 2009-11-19T07:59:10Z
Lists: pgsql-hackers
Tom Lane wrote:
> Applied with some minor modifications.  Aside from the added valuntil
> parameter, I changed the "isencrypted" parameter to an int with some
> #define'd values.  It seems easily foreseeable that we'll replace the
> MD5 encryption scheme someday, and it'd be good to ensure that this
> API is extendable when that happens.  Also, I got rid of the bool
> return value and made the hook responsible for throwing its 
> own errors.
> I don't know about you guys, but I would cheerfully kill anybody who
> tried to make me use a password checker that didn't tell me anything
> about why it thinks my password is too weak.  (The CrackLib API we
> are using is lamentably badly designed on this score --- does it have
> another call that provides a more useful error report?)  Even if you
> think "weak password" is adequate for that class of complaints, the
> single error message would certainly not do for complaints about the
> valuntil date being too far away.

Thank you.

I agree on all points.
I did not know that contrib modules get translated too, else I would
have thrown the error messages there.

Yours,
Laurenz Albe