From: Bruce Momjian on
Tom Lane wrote:
> Bruce Momjian <bruce(a)momjian.us> writes:
> > So, are we agreed to provide a hook on the server side, but to use it
> > you have to configure your system with SSL and 'password'? I can add
> > that to the TODO list.
>
> I think we're agreed to provide the hook. What restrictions the hook
> might enforce are not our concern.

Great, added to TODO:

Allow server-side enforcement of password policies

Password checks might include password complexity or non-reuse of
passwords. This facility will require the client to send the password to
the server in plain-text, so SSL and 'password' authentication is
necessary to use this features.

* http://archives.postgresql.org/pgsql-hackers/2009-09/msg01766.php
* http://archives.postgresql.org/pgsql-hackers/2009-10/msg00025.php

--
Bruce Momjian <bruce(a)momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Bruce Momjian on
Mark Mielke wrote:
> > Personally I think the calculator/wires approach is better from an
> > engineering perspective, but it can be a handicap in the user experience
> > and checkbox categories --- ease of use is perhaps not our strong point.
> > Much of our open source value is being different, in both cost,
> > reliability, and configurability.
>
> I found this true of a lot of tools. I still remember when the mutt
> developers argued against putting IMAP in their solution because they
> thought there might be a better "IMAP component" client out there.
> Eventually, such arguments are dropped, as the practical sense on the
> matter says that tight integration is a requirement.
>
> I don't see how PostgreSQL has really failed in this regard. Maybe
> Oracle comes out-of-box with more features - but this doesn't make it
> necessarily a more "complete" solution - it just means it has more bells
> and whistles. A bicycle doesn't need a ticking card mounted through the
> spokes for it to be considered a "complete solution". :-) Somebody might
> one day want that "feature" - but it's extra - it's not core.

Agreed. Many commercial database solutions start to look like
Frankenstein with all the bolted-on components.

--
Bruce Momjian <bruce(a)momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Ron Mayer on
Bruce Momjian wrote:
> Yep, this is illustrating something that is pretty basic to open source
> --- that is open source often provides the tools for a solution, rather
> than a complete solution. I often think of open source as providing a
> calculator with wires sticking out, rather than calculator buttons; the
> wires allow more flexibility, but they are harder to use.

I disagree. Open source typically provides the complete solution
too - just not from the developer who programs one component of the
solution.

Checklist writers intentionally use this to make straw-man arguments.
People used to say "linux doesn't even have a GUI" - noting that
X11 is a separate project.

Now people have database checkboxes for:

* a GUI admin tool (which we have, though it's a separate package)
* GIS data types (which we have, though it's a separate package)
* server-side password filters (which we have, though LDAP, etc)
* replication (which we have, though many packages)
* clustering (which we have, though hadoopdb)

The Linux guys successfully communicated that it isn't fair
for checklists to compare an OS kernel against commercial
application suites. Seems it'd be good for the postgres
project to similarly communicate that the database kernel
is the core of a platform that's broader than just a
database kernel.

Ron


--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: "Albe Laurenz" on
Bruce Momjian wrote:
> Great, added to TODO:
>
> Allow server-side enforcement of password policies
>
> Password checks might include password complexity or non-reuse of
> passwords. This facility will require the client to send the password to
> the server in plain-text, so SSL and 'password' authentication is
> necessary to use this features.

I don't get why you need 'password' authentication for that.
The point where the password should be checked is not when
the user uses it to logon, but when he or she changes it.

So in my opinion that should be:
This facility will require to send new and changed password to
the server in plain-text, so it will require SSL, and the use
of encrypted passwords in CREATE/ALTER ROLE will have to be
disabled.

Yours,
Laurenz Albe

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Peter Eisentraut on
On Thu, 2009-10-15 at 13:19 -0400, Robert Haas wrote:
> But I don't understand why everyone is
> so worked up about having an *optional* *flag* to force plaintext
> instead of MD5.

It would be pretty bad usability. Users would be faced with the choice:
you can have secure authentication or good passwords, but not both.
(For some values of "secure" and "good".) I think most people would
want both.


--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers