Alvaro Herrera wrote:
Except that your first statement is false. It is not possible currently
for any tool to prevent someone from doing ALTER USER joe PASSWORD joe.
A server-side plugin can provide a guarantee that there are no bad
passwords (for some value of bad, and with some possible adverse
consequences). We don't have that today.
We do, if you have you server grabbing passwords from LDAP or whatever
external auth service you use. That would be more secure than anything
mentioned in this thread, because the password enforcement could work on
unencrypted passwords without adverse consequences.
We don't have it today for passwords that postgres manages. Unless we're
going to rely on an external auth source completely, I think there's a
good case for the hooks, but not for any of the other "adjustments" that
people have suggested.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
