On Mon, Apr 18, 2005 at 16:55:45 -0400,
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
> I would like to pick something that matches what a typical Unix system
> does because I think the _fancy_ solutions actually cause weird problems
> like denial-of-service attacks by just trying to log in.
> How do typical open source Unix's handle it? It think they slow down
> prompting for a password --- but as I remember we only allow one
> password attempt per connection so that is already covered.
Can't people use PAM to get this effect if they want it?
For most people password guessing isn't going to be a big problem as
the database won't be accessible from totally untrusted places and watching
the log files for guessing will probably be a good enough solution.
In response to
pgsql-admin by date
|Next:||From: Wim Bertels||Date: 2005-04-19 13:12:58|
|Subject: Re: brute force attacking the password|
|Previous:||From: Nikhil Pant||Date: 2005-04-19 10:00:09|
|Subject: Installing PostGres|