Matthew Wetmore wrote:
> Not sure if I posted in correct spot....
> Windows based app.
> encrypted pwd = yes
> SSL = yes,
> hostssl with explicit IP w/md5. (no pg_crypto)
> We are in process of VISA CISP PCI compliance for our application.
> (online cc auth - no stored cc data) [next phase will include stored cc
> We just heard back today that they would like to use SHA1 for pwd auth.
> does anyone have any doco that will support md5 vs. SHA1?
> We also have global customers so we understand the US v non-US export stuff.
> Any direction is appreciated.
You could use pg_crypto plus application level passwords.
As has been pointed out elsewhere, there is no security virtue in
swapping MD5 password hashing in Postgres for SHA1.
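
The suggestion above (application-level passwords hashed with pgcrypto, separate from the MD5 scheme Postgres uses for its own role authentication) could look like the following. This is an added example, not code from the thread or from the PostgreSQL project; the table, column and function names are hypothetical, and it assumes a current PostgreSQL release where `CREATE EXTENSION` and `ON CONFLICT` are available (on 8.3 the contrib module is installed from its SQL script instead).

```sql
-- Added example: table, column and function names are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Application users live in an ordinary table, not in pg_authid,
-- so the hash algorithm is the application's choice.
CREATE TABLE app_user (
    login   text PRIMARY KEY,
    pw_hash text NOT NULL
);

-- Store a salted, iterated hash. gen_salt('bf', 10) asks pgcrypto's
-- crypt() for Blowfish-based hashing with a fresh random salt;
-- the salt and cost are embedded in the stored string.
CREATE FUNCTION app_set_password(p_login text, p_password text)
RETURNS void LANGUAGE sql AS $$
    INSERT INTO app_user (login, pw_hash)
    VALUES (p_login, crypt(p_password, gen_salt('bf', 10)))
    ON CONFLICT (login) DO UPDATE SET pw_hash = EXCLUDED.pw_hash;
$$;

-- Verify by re-hashing the candidate with the stored value as the salt
-- argument; crypt() reads the algorithm, cost and salt back out of it.
CREATE FUNCTION app_check_password(p_login text, p_password text)
RETURNS boolean LANGUAGE sql STABLE AS $$
    SELECT EXISTS (
        SELECT 1
        FROM app_user
        WHERE login = p_login
          AND pw_hash = crypt(p_password, pw_hash)
    );
$$;

-- Constructed sample data.
SELECT app_set_password('alice', 'constructed-sample-password');
SELECT app_check_password('alice', 'constructed-sample-password');
SELECT app_check_password('alice', 'wrong-password');
```

The plaintext password is sent to the server inside the statement, so this depends on the SSL connection the original post already uses, and on statement logging not capturing those calls.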