On Mon, 2009-09-28 at 15:59 -0700, Joshua D. Drake wrote:
> On Mon, 2009-09-28 at 15:52 -0700, Josh Berkus wrote:
> > > It takes about 32 hours to brute force all passwords from [a-zA-Z0-9]
> > > of up to 8 chars in length.
> > That would be a reason to limit the number of failed connection attempts
> > from a single source, then, rather than a reason to change the hash
> > function.
> > Hmmm, that would be a useful, easy (I think) security feature: add a GUC
> > for failed_logins_allowed.
> Why a GUC, can't we just use ALTER ROLE (or ALTER DATABASE)?
If you make it a GUC, you get those for free. (That's what the "U"
In response to
pgsql-hackers by date
|Next:||From: Magnus Hagander||Date: 2009-09-29 12:38:52|
|Subject: Re: Small patch for README|
|Previous:||From: Bernd Helmle||Date: 2009-09-29 11:19:50|
|Subject: Re: TODO item: Allow more complex user/database default