Re: password rules
From | Greg Sabino Mullane |
---|---|
Subject | Re: password rules |
Date | |
Msg-id | CAKAnmmLXLZT=UcTkHrU51Xm65ceQrT7ZCNXNHSRJS10zr7JRrw@mail.gmail.com |
In reply to | password rules (raphi <raphi@crashdump.ch>) |
Replies | Re: password rules |
List | pgsql-general |
On Mon, Jun 23, 2025 at 2:45 PM raphi <raphi@crashdump.ch> wrote:

> As of now though we cannot use PG for any PCI/DSS certified application
> because we can't enforce either complexity or regular password changes,

You can, and many, many companies do, but you need a modern auth system like Kerberos. Even if we were to put something into Postgres today (and given the MFA and re-use requirements, it's near impossible), PCI DSS keeps evolving and getting stricter, so keeping up with it would get harder with each release.

> Can I do something to help bring these features into PG? My C knowledge is very limited so I won't be able to provide a patch but I'd be more than happy to test it.

Your energy would be much better used in bringing Kerberos into your organization. :)

Cheers,
Greg