| From: | Chris Travers <chris(dot)travers(at)gmail(dot)com> |
|---|---|
| To: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Cc: | "Victor Yegorov *EXTERN*" <vyegorov(at)gmail(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Password Security Standarts on PostgreSQL |
| Date: | 2013-03-08 13:45:46 |
| Message-ID: | CAKt_ZfuT-6EOagHajsP37hwAjykreOk2+s-1a-8WNTqQirNkaA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Mar 8, 2013 at 4:07 AM, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>wrote:
> Victor Yegorov wrote:
> > 2013/3/8 Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
> >> This way you can also force a certain password expiry date
> >> (PostgreSQL does not have a password life time).
> >
> > What bout ALTER ROLE ... VALID UNTIL 'timestamp' ?
>
> That's the password expiry date.
>
> Oracle's concept is different: it sets a limit on the time
> between password changes.
> There is no such thing in PostgreSQL.
BTW, your suggestion to use a function here is exactly what we do in
LedgerSMB. Password expiration is forced to be now() + an interval
specified in a configuration table.
It would be nice to be able to do handling of failed login attempts but
currently I don;t think that's possible from within PostgreSQL (i.e.
without external auth).
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Leif Gunnar Erlandsen | 2013-03-08 13:50:42 | Re: Can't Drop Role |
| Previous Message | Carlos Mennens | 2013-03-08 12:53:04 | Can't Drop Role |