On Fri, May 7, 2021 at 08:55:15AM -0500, Ron wrote:
> On 5/7/21 7:30 AM, Scott Ribe wrote:
> > > On May 6, 2021, at 11:40 PM, Ron <ronljohnsonjr@gmail.com> wrote:
> > >
> > > Comments like this are indicative of someone who's never been through an external audit.
> > While maybe true, the point stands that even the original source of the requirement has admitted it's a bad idea,
andstandards bodies are dropping it. So, unlike many other things we might consider pointless, with this one, you have
thekind of defense that might work in an audit.
>
> The problem is that Postgresql allows Really Short Passwords without
> uttering a peep, and that's not defensible to an auditor.
>
> psql (12.5 (Ubuntu 12.5-1.pgdg18.04+1))
> Type "help" for help.
>
> postgres=# create role foo password 'a';
> CREATE ROLE
> postgres=#
Have you considered passwordcheck?
https://www.postgresql.org/docs/13/passwordcheck.html
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
