From: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
---|---|
To: | raphi <raphi(at)crashdump(dot)ch> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: password rules |
Date: | 2025-06-24 23:20:21 |
Message-ID: | CAKAnmmLXLZT=UcTkHrU51Xm65ceQrT7ZCNXNHSRJS10zr7JRrw@mail.gmail.com |
Lists: | pgsql-general |
On Mon, Jun 23, 2025 at 2:45 PM raphi <raphi(at)crashdump(dot)ch> wrote:
> As of now though we cannot use PG for any PCI/DSS certified application
> because we can't enforce either complexity nor regular password changes,
>
You can, and many, many companies do, but you need a modern auth system
like Kerberos. Even if we were to put something into Postgres today (and
given the MFA and re-use requirements, it's near impossible), PCI DSS keeps
evolving and getting stricter, so keeping up with it would get harder with
each release.
> Can I do something to help bringing these feature into PG? My C knowledge
> is very limited so I won't be able to provide a patch but I'd be more than
> happy to test it.
Your energy would be much better used in bringing Kerberos into your
organization. :)
Cheers,
Greg
--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support