I’ll be speaking about “The PCI-Compliant Database” at PGConf Silicon Valley!
There are 2 comments.
There are several problems with these slides:
17: No authentication shown, as this is done by the system, not PostgreSQL. So there are no credentials.
30: The complexity of a PAN is similar to a password. If you ever use any standard hash on it you are toast. If you've got four digits ready, the remaining complexity is 10^12 or somewhere near 2^43, which is clearly doable in GPU-land.
17. You are missing the point. Default passwords are not acceptable under PCI, including the postgres account using trust or peer authentication.
30. Hashing with a strong cryptographic hash is permitted under PCI.
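The exchange on slide 30 turns on how much of a PAN is actually unknown once some digits are stored or displayed. The sketch below is an added example, not from the post, the slides or either commenter: it counts the Luhn-valid completions of a masked PAN and contrasts an unkeyed SHA-256 digest with an HMAC whose key is held outside the database. The function names, the `*` mask format and the sample key are assumptions, and the card number is the well-known 4111... test number.

```python
import hashlib
import hmac
import math

def luhn_valid(pan: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def candidate_count(masked: str) -> int:
    """Luhn-valid PANs matching a mask where '*' marks an unknown digit.

    For any choice of the other digits exactly one value of the last free
    digit satisfies Luhn, so the check removes a factor of ten.
    """
    hidden = masked.count("*")
    return 10 ** (hidden - 1) if hidden else 1

def unknown_bits(masked: str) -> float:
    """Remaining uncertainty in bits; compare with 128+ for a random key."""
    return math.log2(candidate_count(masked))

def unkeyed_digest(pan: str) -> str:
    """Plain SHA-256: anyone holding the digest can test candidate PANs."""
    return hashlib.sha256(pan.encode()).hexdigest()

def keyed_token(pan: str, key: bytes) -> str:
    """HMAC-SHA256: testing a candidate also requires the secret key."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

def token_matches(pan: str, key: bytes, token: str) -> bool:
    """Constant-time comparison for lookups against stored tokens."""
    return hmac.compare_digest(keyed_token(pan, key), token)

if __name__ == "__main__":
    key = b"constructed-demo-key-keep-real-keys-in-a-KMS"  # constructed sample
    for mask in ("************1111", "411111******1111"):
        print(mask, candidate_count(mask), round(unknown_bits(mask), 1), "bits")
    print(unkeyed_digest("4111111111111111")[:16], "(same on every system)")
    print(keyed_token("4111111111111111", key)[:16], "(depends on the key)")
```

With the HMAC form, the strength of the stored value rests on the key rather than on the digits of the PAN, so key storage and rotation become the controls to review.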
the build is christophe pettus' software development blog. it has an rss feed. christophe is ceo of PostgreSQL Experts, Inc.