> On Wed, Dec 21, 2005 at 04:35:00PM -0000, Donald Fraser wrote: > > Roles are a great improvement to postgresql, but we also talking security > > issues here: > > Our module controls things like: > > 1) how long before a user must change their password (daily, weekly, monthly > > etc) > > 2) password rotation - for example a user cannot use the same password > > within the last three changes > > 3) Password semantics: length of password, dictionary word checks and so > > on... > > 4) Restricting a users rights until they have changed their password (they > > cannot use the system until they change the password set by the > > administrator) From: "Jim C. Nasby" > Can you release any of that code under a BSD license? Some of those > should arguably be built-in. If nothing else, it would be good reference > code for others. Though, you can set a 'valid until' limit on roles > right now, but I suppose that's not exactly the same as what you have. I was afraid someone might ask that question... The short answer is no :-( The long answer is there is too much of our company specific code embedded within it, which would make for a lot of changes and un-tested code if I were to sit down and strip all the unnecessary gook out. Additionally there are implied protocols to adhere to (which means writing additional documentation), a java automation engine, which in turn uses a modified postgresql JDBC driver, of which is only at the 7.4 version level. To top it off the code now doesn't work with version 8.1.x. As I am a one man band, I have problems keeping on top of everything. I would on the first instance like to merge some of my JDBC driver enhancements so that I could then release to the public my automation engine which would then allow me to release further code... As we are still running postgresql 7.4 I will have to pull my finger out and get some of these issues sorted so that we can upgrade to at least 8.0. So may be sometime next year you'll see some of it in the public domain.... No promises but I have released other stuff in the past - for example (http://gborg.postgresql.org/project/citext/projdisplay.php) Regards Donald Fraser