On Fri, Feb 3, 2017 at 9:11 PM, Adam Brusselback <adambrusselb...@gmail.com> wrote:
> Whoops, accidentally sent this to only Pawan instead of the list: >> >> > Hey there, so I would highly suggest you avoid arbitrary password strength > policies like that. I wrote a library for my company which we use for > password strength estimation, but it is written in Java. I've been > thinking about how to port it to pl/pgsql so it could easily be packaged as > an extension and used natively in Postgres, but I just haven't had time to > get around to that yet. Here it is for reference: https://github.com/ > GoSimpleLLC/nbvcxz > > If you're actually interested in having an extension which works like the > above, and want to work on porting it, i'd be more than happy to jump in > and help out where I can. I just don't have the free cycles to do it my > self at the moment. > > Now on to your original question...Why wouldn't it be possible to create a > trigger on your users table to check the password being inserted, raise an > error if it does not meet your requirement, or hash it if it does and > continue the insert? Seems pretty straight forward other than the > complexity of actually estimating how secure a password is. > Thanks Adam, but here the requirement to enforce password polices while creating to the users. create user abc with password 'Password'; where it will test that the password entered should be according to the company standard, while creation of users. So please suggest.
