| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | holger(at)marzen(dot)de, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: advanced Apache authorization: updates triggered by select? |
| Date: | 2002-09-17 15:42:01 |
| Message-ID: | 200209171642.01419.dev@archonet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tuesday 17 Sep 2002 3:44 pm, Holger Marzen wrote:
> Hi boys (and girls)?
>
> Authorization to web contents can be eaysily done with some Apache
> modules like mod_auth_pgsql (I wrote a little summary some time ago on
> http://bluebell.marzen.de/mod_auth_pgsql/).
>
> But what if we need some kind of protection agains brute force attacks?
> The modules are usually designed to do only selects. Is it possible to
> write some kind of magic that updates the same or another table at the
> same time?
> - If userid/password is correct then set a counter for this userid to
> zero.
> - If userid/password is not correct then increment the counter for this
> userid.
You'll want to write a plpgsql function so you can do:
SELECT check_password('user','password');
Then in check_password you can do your counting. See the Programmers Guide pt
III and http://techdocs.postgresql.org/ for help on writing functions.
Ideally, you could do this with a view and a SELECT rule, but SELECT rules
seem to only allow a single action and that has to be a SELECT.
HTH
- Richard Huxton
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lamar Owen | 2002-09-17 15:43:55 | Re: [HACKERS] An opportunity to prove PostgreSQL and our requirement of Case Study info |
| Previous Message | Alex Rice | 2002-09-17 15:38:49 | Re: find overlapping address ranges |