Обсуждение: Re: PostgreSQL db password policy
Hello Team,We are using PostgreSQL db for one of our projects. By default DB accepts any password. However client need password policy.We want to implement password policy (e.g. password expiry, password length etc) in PostgreSQL.Can you please advise how to achieve this in PostgreSQL ?Regards,Sudesh Mohane
Hi Sudesh Mohane
that's not an error, then this is not the list
by the way, you can check passwordcheck extension
or check the extension passwordcheck_extra, by M. Paquier
password expiry you can use crear user with VALID UNTIL option
Regards
El mar., 4 dic. 2018 a las 10:05, sudesh mohane (<smohane@gmail.com>) escribió:
Hello Team,We are using PostgreSQL db for one of our projects. By default DB accepts any password. However client need password policy.We want to implement password policy (e.g. password expiry, password length etc) in PostgreSQL.Can you please advise how to achieve this in PostgreSQL ?Regards,Sudesh Mohane
On Tue, Dec 04, 2018 at 05:15:25PM +0530, sudesh mohane wrote: > > Hello Team, > > > > We are using PostgreSQL db for one of our projects. By default DB > > accepts any password. However client need password policy. > > > > We want to implement password policy (e.g. password expiry, password > > length etc) in PostgreSQL. Unless your client has regulatory requirements for password expiration, you should discourage them in the strongest possible terms from implementing one. https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/SoLongAndNoThanks.pdf Best, David. -- David Fetter <david(at)fetter(dot)org> http://fetter.org/ Phone: +1 415 235 3778 Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate
On Tue, Dec 04, 2018 at 11:57:53AM -0300, Anthony Sotolongo wrote: > or check the extension passwordcheck_extra, by M. Paquier > https://github.com/michaelpq/pg_plugins/tree/master/passwordcheck_extra > > password expiry you can use crear user with VALID UNTIL option That's one possibility, I have no idea if anybody is packaging it and I don't have any plans to submit new RPMs, so if this is not available you will need to compile it yourself. Even with that, I think that you had better avoid passing a raw password string through the network. -- Michael