Matthew Wetmore wrote:
Not sure if I posted in correct spot....
pg_8.2.6
Centos5
Windows based app.
encryped pwd = yes
SSL = yes,
hostssl with explicit IP w/md5. (no pg_crypto)
We are in process of VISA CISP PCI compliance for our application.
(online cc auth - no stored cc data) [next phase will include stored cc
data]
We just heard back today that they would like to use SHA1 for pwd auth.
does anyone have any doco that will support md5 vs. SHA1?
We also have global customers so we understand the us v non-US export stuff.
Any direction is appreciated.
You could use pg_crypto plus application level passwords.
As has been pointed out elsewhere, there is no security virtue in
swapping MD5 password hashing in Postgres for SHA1.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
