Visa CISP PCI compliance needs SHA1?

From: Matthew Wetmore <m(dot)wetmore(at)secomintl(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Visa CISP PCI compliance needs SHA1?
Date: 2008-04-02 17:52:21
Message-ID: 47F3C7D5.4060409@secomintl.com
Lists: pgsql-hackers

Not sure if I posted in correct spot....
But seems to be topic of today...funny on same day I hear from Visa.

pg_8.2.6
Centos5
Windows based app.
encrypted pwd = yes
SSL = yes,
hostssl, with explicit IP w/md5. (no pg_crypto)

This is just with client / server pwd auth

We are in process of VISA CISP PCI compliance for our application.
(online cc auth - no stored cc data)
[next phase will include stored cc data]

We just heard back today that they would like to use SHA1 NOT md5 for
pwd auth.

Does anyone have any doco that will support md5 vs. SHA1?
Is PG_crypto in the db (meaning crypt the md5 hash) still the same as
md5 auth?

We also have global customers so we understand the US v non-US export stuff.

Any direction is appreciated.

Thanks in advance.

/matthew wetmore
--

Matthew Wetmore
Secom International, Inc
9610 Bellanca, Ave.
Los Angeles, CA 90045
310-641-1290