Mark Mielke wrote:
> On 10/15/2009 10:08 AM, Dave Page wrote:
>> ...other
>> DBMSs (and all major operating systems I can think of) offer password
>> policy features as non-client checks...we are compared ...
>
> Not so clear to me. If they're doing strong checks, this means they're
> sending passwords in the clear or only barely encoded, or using some
> OTHER method than 'alter role ... password ...' to change the password.
This makes it sounds like a documentation problem to me.
We need to educate the security-feature-checklist writers.
It seems we need to clearly spell out the security risks of sending
plain text passwords in the section where we would state the reason
why the checks are done in the client - and then hopefully the
security checklists writers will include "only sends encrypted
passwords" as a checkbox on the product comparison charts.
And if server-side checks are that important, perhaps the wiki needs
an example of how to enable server-side check for popular GSSAPI
or LDAP or PAM configurations and describe how to make postgres
use those.