| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Oliver Elphick" <olly(at)lfix(dot)co(dot)uk> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [BUGS] user authentication crash by Erik Luke (20-08-2001; 1.3kb) |
| Date: | 2001-11-01 17:52:28 |
| Message-ID: | 22543.1004637148@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Oliver Elphick" <olly(at)lfix(dot)co(dot)uk> writes:
> Tom Lane wrote:
>>>> Hmm. I can see how a linefeed in a password would create a problem (it
>>>> breaks the line-oriented formatting of the pg_pwd file).
> ...
>>>> In any case it seems like it'd be a good idea to forbid nonprinting
>>>> characters in passwords. Comments anyone?
> That sounds too restrictive; allowing non-printing characters should
> improve password security. Why not simply exclude linefeed and
> carriage return?
Actually it seems that linefeed and tab are the minimum set of
characters that must be excluded to avoid breaking pg_pwd.
Working on it now ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Cramer | 2001-11-01 17:58:47 | Licensing issues including another projects source code into the jdbc driver |
| Previous Message | Oliver Elphick | 2001-11-01 17:34:01 | Re: [BUGS] user authentication crash by Erik Luke |