The Password Policy describes the following:
Password Strength Requirements¶
As part of our compliance with GDPR standards SQream relies on a strong password policy when accessing the CLI or Studio, with the following requirements:
At least eight characters long.
Mandatory upper and lowercase letters.
At least one numeric character.
May not include a username.
Must include at least one special character, such as ?, !, $, etc.
You can create a password by using the Studio graphic interface or using the CLI, as in the following example command:
CREATE ROLE user_a ; GRANT LOGIN to user_a ; GRANT PASSWORD 'BBAu47?fqPL' to user_a ;
Creating a password which does not comply with the password policy generates an error message with a request to include any of the missing above requirements:
The password you attempted to create does not comply with SQream's security requirements. Your password must: * Be at least eight characters long. * Contain upper and lowercase letters. * Contain at least one numeric character. * Not include a username. * Include at least one special character, such as **?**, **!**, **$**, etc.
Brute Force Prevention¶
Unsuccessfully attempting to log in five times displays the following message:
The user is locked. Please contact your system administrator to reset the password and regain access functionality.
You must have superuser permissions to release a locked user to grant a new password:
GRANT PASSWORD '<password>' to <blocked_user>;
For more information, see Adjusting Permitted Log-in Attempts.
Because superusers can also be blocked, you must have at least two superusers per cluster.