public inbox for [email protected]
help / color / mirror / Atom feedFrom: Greg Sabino Mullane <[email protected]>
To: raphi <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: [email protected]
Subject: Re: password rules
Date: Tue, 24 Jun 2025 19:20:21 -0400
Message-ID: <CAKAnmmLXLZT=UcTkHrU51Xm65ceQrT7ZCNXNHSRJS10zr7JRrw@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
On Mon, Jun 23, 2025 at 2:45 PM raphi <[email protected]> wrote:
> As of now though we cannot use PG for any PCI/DSS certified application
> because we can't enforce either complexity nor regular password changes,
>
You can, and many, many companies do, but you need a modern auth system
like Kerberos. Even if we were to put something into Postgres today (and
given the MFA and re-use requirements, it's near impossible), PCI DSS keeps
evolving and getting stricter, so keeping up with it would get harder with
each release.
Can I do something to help bringing these feature into PG? My C knowledge
> is very limited so I won't be able to provide a patch but I'd be more than
> happy to test it.
Your energy would be much better used in bringing Kerberos into your
organization. :)
Cheers,
Greg
--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
view thread (3+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: password rules
In-Reply-To: <CAKAnmmLXLZT=UcTkHrU51Xm65ceQrT7ZCNXNHSRJS10zr7JRrw@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox