Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Re: contrib: auth_delay module
On Thu, Nov 4, 2010 at 6:05 AM, Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com> wrote: > 2010/11/4 KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>: >> The attached patch is a contrib module to inject a few seconds >> delay on authentication failed. It is also a proof of the concept >> using the new ClientAuthentication_hook. >> >> This module provides a similar feature to pam_faildelay on >> operating systems. Injection of a few seconds delay on >> authentication fails prevents (or makes hard at least) brute-force >> attacks, because it limits number of candidates that attacker can >> verify within a unit of time. > > +1 for the feature. We have "post_auth_delay" parameter, > but it has different purpose; it's as DEVELOPER_OPTIONS > for delay to attach a debugger. > > BTW, the module could save CPU usage of the server on attacks, > but do nothing about connection flood attacks, right? > If an attacker attacks the server with multiple connections, > the server still consumes max_connections even with the module. Hmm, I wonder how useful this is given that restriction. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
In response to
- Re: contrib: auth_delay module at 2010-11-04 13:05:01 from Itagaki Takahiro
Responses
- Re: contrib: auth_delay module at 2010-11-04 13:13:34 from Jan Urbański
pgsql-hackers by date
Next: From: Jan Urbański Date: 2010-11-04 13:13:34 Subject: Re: contrib: auth_delay module Previous: From: Itagaki Takahiro Date: 2010-11-04 13:05:01 Subject: Re: contrib: auth_delay module