On Wed, Oct 14, 2009 at 11:21 PM, Mark Mielke <m...@mark.mielke.cc> wrote: > On 10/14/2009 05:33 PM, Dave Page wrote: >> >> No. Any checks at the client are worthless, as they can be bypassed by >> 10 minutes worth of simple coding in any of a dozen or more languages. >> > > Why care?
Because many large (and small for that matter) organisations also have security policies which mandate the enforcement of specific password policies. Just because you think it's worthless to try to prevent someone reusing a password, or using 'password' doesn't mean that everyone else does. Some organisations will use such a feature in a box-ticking exercise when evaluating, and others may actually decide to use the feature, and expect it to work effectively. Beside, we are not in the habit of putting half-arsed features in PostgreSQL. If we do something, we do it properly. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
