
Re: Locking out a user after several failed login attempts

From: "mark" <dvlhntr(at)gmail(dot)com>
To: "'Jean-Yves F(dot) Barbier'" <12ukwn(at)gmail(dot)com>,"'Mike Thomsen'" <mikerthomsen(at)gmail(dot)com>
Cc: <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Locking out a user after several failed login attempts
Date: 2011-06-30 13:10:43
Message-ID: 009901cc3727$1f005730$5d010590$@com
Lists: pgsql-novice

> -----Original Message-----
> From: pgsql-novice-owner(at)postgresql(dot)org [mailto:pgsql-novice-
> owner(at)postgresql(dot)org] On Behalf Of Jean-Yves F. Barbier
> Sent: Wednesday, June 29, 2011 10:01 AM
> To: Mike Thomsen
> Cc: pgsql-novice(at)postgresql(dot)org
> Subject: Re: [NOVICE] Locking out a user after several failed login
> attempts
> 
> On Wed, 29 Jun 2011 11:43:00 -0400, Mike Thomsen
> <mikerthomsen(at)gmail(dot)com>
> wrote:
> 
> 
> 
> > Yes, we're logging all connections to the database.
> 
> I'm interested in that (you can send it to me as a PM.)
> 
> So, you just have to add a counter to your login table:
>       +------------------------------------+
>       |                                    |
> login attempt-----good----reset CTR to 1   |
>       |                                    |
>      bad                                   |
>       |                                    |
>    CTR += 1                                |
>       |                                    |
>    CTR > 3?-------no-----------------------+
>       |
>      yes
>       |



That might be OK on a small application with a limited number of users. A few thousand login attempts per minute and you are probably going to wish the counter lived outside of your RDBMS.
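
The counter from the quoted flowchart, written as a PostgreSQL function (an added example, not code from either message in the thread). The table `app_login`, its columns and the function `record_login_attempt` are hypothetical names; setting a `locked` flag on the truncated "yes" branch and refusing logins for an already locked row are assumptions taken from the thread subject.

```sql
-- Hypothetical login table; all names are assumptions, not from the thread.
CREATE TABLE app_login (
    username text    PRIMARY KEY,
    ctr      integer NOT NULL DEFAULT 1,      -- flowchart counter, starts at 1
    locked   boolean NOT NULL DEFAULT false   -- assumed outcome of "CTR > 3? yes"
);

-- Record one login attempt and return whether the login may proceed.
-- p_password_ok is the result of the caller's own credential check.
CREATE FUNCTION record_login_attempt(p_user text, p_password_ok boolean)
RETURNS boolean
LANGUAGE plpgsql AS $$
DECLARE
    v_ctr    integer;
    v_locked boolean;
BEGIN
    -- One UPDATE does the read-modify-write. The row lock it takes
    -- serializes concurrent attempts for the same user, so parallel
    -- guesses cannot both read the same CTR and lose an increment.
    -- Right-hand sides of SET see the row's values from before the update.
    UPDATE app_login
       SET ctr = CASE
                   WHEN locked        THEN ctr      -- locked rows are left alone
                   WHEN p_password_ok THEN 1        -- good: reset CTR to 1
                   ELSE ctr + 1                     -- bad:  CTR += 1
                 END,
           locked = locked
                    OR (NOT p_password_ok AND ctr + 1 > 3)  -- CTR > 3?
     WHERE username = p_user
    RETURNING ctr, locked INTO v_ctr, v_locked;

    IF NOT FOUND THEN
        RETURN false;            -- unknown user: refuse, nothing to count
    END IF;

    -- A correct password on a locked row is still refused.
    RETURN p_password_ok AND NOT v_locked;
END;
$$;

-- Constructed sample data and calls.
INSERT INTO app_login (username) VALUES ('alice');
SELECT record_login_attempt('alice', false);
SELECT record_login_attempt('alice', false);
SELECT record_login_attempt('alice', false);
SELECT record_login_attempt('alice', true);
SELECT username, ctr, locked FROM app_login;
```

Because the counter starts at 1, the third consecutive bad attempt pushes it past 3 and sets `locked`, after which the final call with a correct password is refused. Every attempt, good or bad, is a row write in this design, which is the load the reply above is concerned with.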


