LuGuangming commented on PR #61778: URL: https://github.com/apache/doris/pull/61778#issuecomment-4154502157
> We already have a global session variable: `validate_password_policy`. What is diff? The current session-based approach can easily lead to bypassing password verification. If someone has already set a simple password and stored it in Doris, while another person sets a global variable to enable complex password verification, this will cause the verification function to be bypassed. Moreover, when the service is restarted, the verification cannot be persisted. It is recommended that whether to enable complex password verification should be controlled on the service side. In addition, the current verification logic logic has an "isPlain" check at the entry point, which may cause some logic to be skipped. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
