create trigger in postgres to check the password strength

Started by PAWAN SHARMA, about 9 years ago, 8 messages, general

#1 PAWAN SHARMA
er.pawanshr0963@gmail.com

Hi All,

Is it possible to create a trigger in Postgres to check the password
strength (like it should be min 8 characters) while creating a user or
role with a password?

If it is possible, can you please share the script with me?

-Pawan

#2 PAWAN SHARMA
er.pawanshr0963@gmail.com
In reply to: PAWAN SHARMA (#1)
Re: create trigger in postgres to check the password strength

On Fri, Feb 3, 2017 at 8:44 PM, PAWAN SHARMA <er.pawanshr0963@gmail.com>
wrote:

> Hi All,
>
> Is it possible to create a trigger in Postgres to check the password
> strength (like it should be min 8 characters) while creating a user or
> role with a password?
>
> If it is possible, can you please share the script with me?
>
> -Pawan

A trigger or function which checks the password strength is useful for me.

#3 Adam Brusselback
adambrusselback@gmail.com
In reply to: PAWAN SHARMA (#2)
Re: create trigger in postgres to check the password strength

Whoops, accidentally sent this to only Pawan instead of the list:

Hey there, so I would highly suggest you avoid arbitrary password strength
policies like that. I wrote a library for my company which we use for
password strength estimation, but it is written in Java. I've been
thinking about how to port it to pl/pgsql so it could easily be packaged as
an extension and used natively in Postgres, but I just haven't had time to
get around to that yet. Here it is for reference:
https://github.com/GoSimpleLLC/nbvcxz

If you're actually interested in having an extension which works like the
above, and want to work on porting it, I'd be more than happy to jump in
and help out where I can. I just don't have the free cycles to do it
myself at the moment.

Now on to your original question... Why wouldn't it be possible to create a
trigger on your users table to check the password being inserted, raise an
error if it does not meet your requirement, or hash it if it does and
continue the insert? Seems pretty straightforward other than the
complexity of actually estimating how secure a password is.
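
The trigger described in the message above, as an added example that is not code from the thread or from nbvcxz. It guards a hypothetical application table `app_users` (not database roles created with `CREATE USER`), uses the 8-character minimum from the question as a placeholder policy, and assumes the `pgcrypto` extension is available for hashing.

```sql
-- Added example: hypothetical application table, not PostgreSQL roles.
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- provides crypt() and gen_salt()

CREATE TABLE app_users (
    username text PRIMARY KEY,
    -- Clients write the candidate password here; the trigger replaces it
    -- with a salted hash before the row is stored.
    password text NOT NULL
);

CREATE FUNCTION app_users_password_policy() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    -- Placeholder policy taken from the question: at least 8 characters.
    IF char_length(NEW.password) < 8 THEN
        RAISE EXCEPTION 'password must be at least 8 characters'
            USING ERRCODE = 'check_violation';
    END IF;
    -- bcrypt via pgcrypto; only the hash is stored in the table.
    NEW.password := crypt(NEW.password, gen_salt('bf', 10));
    RETURN NEW;
END;
$$;

-- UPDATE OF password: fire only when the column is in the SET list, so
-- updates to other columns do not re-hash an existing hash.
CREATE TRIGGER app_users_password_policy
    BEFORE INSERT OR UPDATE OF password ON app_users
    FOR EACH ROW EXECUTE PROCEDURE app_users_password_policy();

-- Constructed sample rows.
INSERT INTO app_users VALUES ('abc', 'Password');
INSERT INTO app_users VALUES ('def', 'short');  -- under 8 characters: the trigger raises

-- Login check: re-hash the candidate with the stored salt and compare.
SELECT username FROM app_users
 WHERE username = 'abc' AND password = crypt('Password', password);
```

Because the plaintext travels inside the `INSERT` or `UPDATE` statement, it can end up in the server log when statement logging is enabled.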

#4 PAWAN SHARMA
er.pawanshr0963@gmail.com
In reply to: Adam Brusselback (#3)
Re: create trigger in postgres to check the password strength

On Fri, Feb 3, 2017 at 9:11 PM, Adam Brusselback <adambrusselback@gmail.com>
wrote:

> Whoops, accidentally sent this to only Pawan instead of the list:
>
> Hey there, so I would highly suggest you avoid arbitrary password strength
> policies like that. I wrote a library for my company which we use for
> password strength estimation, but it is written in Java. I've been
> thinking about how to port it to pl/pgsql so it could easily be packaged as
> an extension and used natively in Postgres, but I just haven't had time to
> get around to that yet. Here it is for reference:
> https://github.com/GoSimpleLLC/nbvcxz
>
> If you're actually interested in having an extension which works like the
> above, and want to work on porting it, I'd be more than happy to jump in
> and help out where I can. I just don't have the free cycles to do it
> myself at the moment.
>
> Now on to your original question... Why wouldn't it be possible to create a
> trigger on your users table to check the password being inserted, raise an
> error if it does not meet your requirement, or hash it if it does and
> continue the insert? Seems pretty straightforward other than the
> complexity of actually estimating how secure a password is.

Thanks Adam, but here the requirement is to enforce password policies while
creating the users.

create user abc with password 'Password';

where it will test that the password entered is according to the
company standard, during creation of users.
So please suggest.

#5 Vladimir Rusinov
vrusinov@google.com
In reply to: PAWAN SHARMA (#4)
Re: create trigger in postgres to check the password strength

On Fri, Feb 3, 2017 at 3:55 PM, PAWAN SHARMA <er.pawanshr0963@gmail.com>
wrote:

> On Fri, Feb 3, 2017 at 9:11 PM, Adam Brusselback <adambrusselback@gmail.com> wrote:
>
>> Whoops, accidentally sent this to only Pawan instead of the list:
>>
>> Hey there, so I would highly suggest you avoid arbitrary password
>> strength policies like that. I wrote a library for my company which we use
>> for password strength estimation, but it is written in Java. I've been
>> thinking about how to port it to pl/pgsql so it could easily be packaged as
>> an extension and used natively in Postgres, but I just haven't had time to
>> get around to that yet. Here it is for reference:
>> https://github.com/GoSimpleLLC/nbvcxz
>>
>> If you're actually interested in having an extension which works like the
>> above, and want to work on porting it, I'd be more than happy to jump in
>> and help out where I can. I just don't have the free cycles to do it
>> myself at the moment.
>>
>> Now on to your original question... Why wouldn't it be possible to create
>> a trigger on your users table to check the password being inserted, raise
>> an error if it does not meet your requirement, or hash it if it does and
>> continue the insert? Seems pretty straightforward other than the
>> complexity of actually estimating how secure a password is.
>
> Thanks Adam, but here the requirement is to enforce password policies while
> creating the users.
>
> create user abc with password 'Password';
>
> where it will test that the password entered is according to the
> company standard, during creation of users.
> So please suggest.

Consider using PAM authentication where you can insert any of the already
existing password strength checks.
Or, maybe, LDAP auth where stuff will be enforced by the LDAP server.

--
Vladimir Rusinov
Storage SRE, Google Ireland

#6 Adam Brusselback
adambrusselback@gmail.com
In reply to: PAWAN SHARMA (#4)
Re: create trigger in postgres to check the password strength

Oh sorry, I misunderstood. Didn't realize you meant database users and not
an application user table implemented in Postgres. I'll let others answer
that then because I'm not aware of a way to do that.

#7 Pavel Stehule
pavel.stehule@gmail.com
In reply to: PAWAN SHARMA (#1)
Re: create trigger in postgres to check the password strength

Hi

2017-02-03 16:14 GMT+01:00 PAWAN SHARMA <er.pawanshr0963@gmail.com>:

> Hi All,
>
> Is it possible to create a trigger in Postgres to check the password
> strength (like it should be min 8 characters) while creating a user or
> role with a password?
>
> If it is possible, can you please share the script with me?

Yes, it is possible (with an extension)

http://paquier.xyz/postgresql-2/postgres-module-highlight-customize-passwordcheck-to-secure-your-database/

Regards

Pavel

> -Pawan

#8 Pavel Stehule
pavel.stehule@gmail.com
In reply to: Pavel Stehule (#7)
Re: create trigger in postgres to check the password strength

2017-02-03 17:17 GMT+01:00 Pavel Stehule <pavel.stehule@gmail.com>:

> Hi
>
> 2017-02-03 16:14 GMT+01:00 PAWAN SHARMA <er.pawanshr0963@gmail.com>:
>
>> Hi All,
>>
>> Is it possible to create a trigger in Postgres to check the password
>> strength (like it should be min 8 characters) while creating a user or
>> role with a password?
>>
>> If it is possible, can you please share the script with me?
>
> Yes, it is possible (with an extension)
>
> http://paquier.xyz/postgresql-2/postgres-module-highlight-customize-passwordcheck-to-secure-your-database/

You can use the contrib extension

https://www.postgresql.org/docs/current/static/passwordcheck.html

Regards

Pavel

> Regards
>
> Pavel
>
>> -Pawan