Tom Lane wrote:
Dave Page <dp...@pgadmin.org> writes:
I would suggest that in addition to the proposed plugin, we add an
suset GUC (defaulting to OFF) which rejects any use of WITH ENCRYPTED
PASSWORD to ensure that the password complexity can be checked when
roles are created or modified.
That's going to stop us from being beat up? A GUC that forcibly
*weakens* security? I can't see it.
If you're really intent on making that happen, you can have your
password checker plugin reject crypted passwords; we don't need
such a questionable rule in core.
And you could have the plugin do that depending on a custom GUC.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
