On Fri, 2020-03-20 at 12:30 -0400, Dave Hughes wrote: > Thank you for the information! This issue originated from a Department of > Defense STIG > (Security Technical Implementation Guides). It's a security check that > applications > and databases have to go through. I'll just leave this one as a "finding" > since there > isn't a way to really configure it to their requirements.
Our traditional answer is that for high security standards, you shouldn't use passwords in the database, but some external authentication method like Kerberos. Then you can enforce the password restrictions there. Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
