Re: Rejecting weak passwords

On 10/15/2009 10:38 AM, Albe Laurenz wrote:
> Mark Mielke wrote:
>    
>> Does Oracle really do password checks on the base SQL commands used to
>> change an Oracle password? That sounds silly.
>>      
> In Oracle you can write a stored procedure to check passwords;
> it is invoked whenever a user is created or altered.
>
> No matter how you change the password, Oracle can always recover
> the plaintext and feed it to the password checking function.
>
> So, unless you use the "Advanced Security" option (extra $$) that
> enables you to encrypt network connections, any eavesdropper
> with knowledge of Oracle's (secret) encryption algorithms can get
> your new password when you change it.
>
> And the DBA can get your password with ease.

Now I remember. Our "secure password server" used as single-sign on for 
most applications in the company, which normally avoids any applications 
ever having to see or authenticate the login, needs to send the 
passwords in plain or encoded form (not one-way encrypted) to a few 
"broken" systems, which include systems designed around Oracle user 
management, to allow people to login to these applications using their 
corporate wide password. I remember thinking one word when I learned 
this... "awesome" (sarcastic tone playing in head).

Where is the check box that says "prevents password recovery"?

For Dave Page: Understand that in a large company, as you are 
discussing, with policies that require strong passwords, the usual 
reason for requiring strong passwords is due to concerns over privilege 
escalation. Access to one system gives you access to others. In the case 
of single sign-on, which is a requirement for any business with dozens 
or more applications, where it is unreasonable for each employee to 
actually memorize dozens of distinct "strong" passwords, access to one 
system gives you access to all systems. Therefore, "trust the DBA" makes 
no sense. If the DBA can see my password, then they can login to my 
employee records and check out what my salary or contact information is, 
or they can login to one of the secure portals and authorize purchases 
as me. A *good* system, is not trusted with the password.

This is why I say you are focusing on making PostgreSQL what you think 
is a tiny bit better, but the gain is minor or artificial. If PostgreSQL 
starts requiring strong passwords - the world is not necessarily a 
better place in any mind except the person doing the ignorant checkbox 
evaluation who believes advertising on face value.

If you need security - you should know enough to know you need something 
better than per-application password strength checkers.

Cheers,
mark

-- 
Mark Mielke<mark@mielke.cc>