Tom Lane wrote:
> "Albe Laurenz" <[email protected]> writes:
> > Bruce Momjian wrote:
> >> Password checks might include password complexity or non-reuse of
> >> passwords. This facility will require the client to send the password to
> >> the server in plain-text, so SSL and 'password' authentication are
> >> necessary to use this feature.
>
> > So in my opinion that should be:
> > This facility will require sending new and changed passwords to
> > the server in plain-text, so it will require SSL, and the use
> > of encrypted passwords in CREATE/ALTER ROLE will have to be
> > disabled.
>
> Actually, not one word of *either* version should be in TODO. All of
> that is speculation about policies that a particular add-on module
> might or might not choose to enforce.

Agreed, updated:

|Allow server-side enforcement of password policies
|Password checks might include password complexity or non-reuse of
passwords. This facility will require the client to send password
creation/changes to the server in plain-text, not MD5.
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
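
The constraint discussed in this thread, as an added illustration that is not part of the original messages or of PostgreSQL's code: once a client has pre-hashed a password into the `md5` + md5(password || username) form, a server-side check can no longer see its length or character classes and can only compare it against hashes of known-bad candidates. The function name, thresholds, wordlist and sample values are assumptions constructed for the example.

```python
import hashlib
import re

# A value of this shape in CREATE/ALTER ROLE is treated as already hashed.
PREHASHED = re.compile(r"^md5[0-9a-f]{32}$")

def pg_md5(password: str, username: str) -> str:
    """MD5 role-password form: 'md5' + md5(password || username)."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def check_new_password(username, submitted, min_length=12, wordlist=()):
    """Hypothetical policy hook: return (accepted, reason)."""
    if PREHASHED.match(submitted):
        # Length and character classes are unknowable from the hash.
        # The only test left is hashing known-bad candidates and comparing.
        for word in wordlist:
            if pg_md5(word, username) == submitted:
                return False, "pre-hashed password matches a wordlist entry"
        # Assumed policy choice: refuse what cannot be inspected.
        return False, "pre-hashed password: complexity cannot be verified"
    if len(submitted) < min_length:
        return False, "too short"
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, submitted)) for c in classes) < 3:
        return False, "needs at least three character classes"
    if username.lower() in submitted.lower():
        return False, "contains the role name"
    if submitted.lower() in (w.lower() for w in wordlist):
        return False, "matches a wordlist entry"
    return True, "ok"

# Constructed sample inputs.
WORDS = ("password", "letmein")
STRONG = "Tr1cky-Horse-Battery"

if __name__ == "__main__":
    for value in (STRONG, "short", pg_md5("password", "alice"),
                  pg_md5(STRONG, "alice")):
        print(value, "->", check_new_password("alice", value, wordlist=WORDS))
```

The same strong password is accepted when sent in plain text and rejected when sent pre-hashed, because the policy has nothing to inspect in the second case.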