The Build


“The PCI-Compliant Database” at PGConfSV

18 November 2015

I’ll be speaking about “The PCI-Compilant Database” at PGConf Silicon Valley!

Bastian at 00:21, 29 November 2015:


There are several problems with this slides:

17: No authentication shown, as this is done by the system, not postgresql. So there are no credentials.
30: The complexity of a PAN is similar to a password. If you ever use any standard hash on it you are toast. If you got four digits ready, the remaining complexity is 10^12 or somewhere near 2^43, which is clearly doable in gpu-land.

Xof at 00:36, 29 November 2015:

17. You are missing the point. Default passwords are not acceptable under PCI, including the postgres account using trust or peer authentication.
30. Hashing with a strong cryptographic hash is permitted under PCI.