| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Dave Hughes <dhughes20(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Passwordcheck configuration |
| Date: | 2020-03-23 13:42:29 |
| Message-ID: | c8b7090a12206dd3433dafd6a222249590ea987b.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, 2020-03-20 at 12:30 -0400, Dave Hughes wrote:
> Thank you for the information! This issue originated from a Department of Defense STIG
> (Security Technical Implementation Guides). It's a security check that applications
> and databases have to go through. I'll just leave this one as a "finding" since there
> isn't a way to really configure it to their requirements.
Our traditional answer is that for high security standards, you shouldn't use
passwords in the database, but some external authentication method like
Kerberos. Then you can enforce the password restrictions there.
Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Browne | 2020-03-23 14:12:08 | Re: Loading 500m json files to database |
| Previous Message | Rob Sargent | 2020-03-23 13:31:00 | Re: Loading 500m json files to database |