Re: Rejecting weak passwords

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: Rejecting weak passwords
Дата
Msg-id 7191.1254232126@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: Rejecting weak passwords  ("Albe Laurenz" <laurenz.albe@wien.gv.at>)
Ответы Re: Rejecting weak passwords  (Robert Haas <robertmhaas@gmail.com>)
Список pgsql-hackers
Дерево обсуждения 
"Albe Laurenz" <laurenz.albe@wien.gv.at> writes:
> I thought about it some more, and I think that a password checking
> hook might still be somewhat useful even for MD5-encrypted passwords;
> the function could guess and exclude at least that dreadful
> all-too-frequent case of username = password.

True.  You could probably even run through a moderate-size dictionary
of weak passwords, depending on how long you're willing to make the
user wait.  (CHECK_FOR_INTERRUPTS inside the loop would be polite ;-))
        regards, tom lane

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Robert Haas
Дата:
Сообщение: Re: [PATCH] Reworks for Access Control facilities (r2311)
Следующее
От: Jim Cox
Дата:
Сообщение: Re: [PATCH] 8.5 TODO: Add comments to output indicating version of pg_dump and of the database server