On Tue, Sep 29, 2009 at 9:48 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > "Albe Laurenz" <laurenz.a...@wien.gv.at> writes: >> I thought about it some more, and I think that a password checking >> hook might still be somewhat useful even for MD5-encrypted passwords; >> the function could guess and exclude at least that dreadful >> all-too-frequent case of username = password. > > True. You could probably even run through a moderate-size dictionary > of weak passwords, depending on how long you're willing to make the > user wait. (CHECK_FOR_INTERRUPTS inside the loop would be polite ;-))
But how much value is there in that? This whole thing seems like a dead end to me. No matter how long you're willing to wait, putting the checking on the client side will let you far more validation for the same price. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
