Re: Password Security Standarts on PostgreSQL
| От | Chris Travers |
|---|---|
| Тема | Re: Password Security Standarts on PostgreSQL |
| Дата | |
| Msg-id | CAKt_ZfuT-6EOagHajsP37hwAjykreOk2+s-1a-8WNTqQirNkaA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Password Security Standarts on PostgreSQL (Albe Laurenz <laurenz.albe@wien.gv.at>) |
| Список | pgsql-general |
On Fri, Mar 8, 2013 at 4:07 AM, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:
That's the password expiry date.Victor Yegorov wrote:
> 2013/3/8 Albe Laurenz <laurenz.albe@wien.gv.at>
>> This way you can also force a certain password expiry date
>> (PostgreSQL does not have a password life time).
>
> What bout ALTER ROLE ... VALID UNTIL 'timestamp' ?
Oracle's concept is different: it sets a limit on the time
between password changes.
There is no such thing in PostgreSQL.
BTW, your suggestion to use a function here is exactly what we do in LedgerSMB. Password expiration is forced to be now() + an interval specified in a configuration table.
It would be nice to be able to do handling of failed login attempts but currently I don;t think that's possible from within PostgreSQL (i.e. without external auth).
В списке pgsql-general по дате отправления: