Re: US VISA CISP PCI comp. needs SHA1
| От | Andrew Dunstan |
|---|---|
| Тема | Re: US VISA CISP PCI comp. needs SHA1 |
| Дата | |
| Msg-id | 47F3C9CA.60100@dunslane.net обсуждение исходный текст |
| Ответ на | US VISA CISP PCI comp. needs SHA1 (Matthew Wetmore <testroom@secomintl.com>) |
| Список | pgsql-hackers |
Matthew Wetmore wrote: > Not sure if I posted in correct spot.... > > > pg_8.2.6 > Centos5 > Windows based app. > encryped pwd = yes > SSL = yes, > hostssl with explicit IP w/md5. (no pg_crypto) > > > > We are in process of VISA CISP PCI compliance for our application. > (online cc auth - no stored cc data) [next phase will include stored cc > data] > > We just heard back today that they would like to use SHA1 for pwd auth. > > does anyone have any doco that will support md5 vs. SHA1? > > We also have global customers so we understand the us v non-US export stuff. > > Any direction is appreciated. > > > You could use pg_crypto plus application level passwords. As has been pointed out elsewhere, there is no security virtue in swapping MD5 password hashing in Postgres for SHA1. cheers andrew
В списке pgsql-hackers по дате отправления: