| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Jan Urbański <wulczer(at)wulczer(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, PostgreSQL-Hackers <pgsql-hackers(at)postgresql(dot)org>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Subject: | Re: contrib: auth_delay module |
| Date: | 2010-11-27 19:44:59 |
| Message-ID: | AANLkTingqcuZz7hBRO9mtiHe1VYUTCfX2vOErLHdaXzc@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Nov 4, 2010 at 6:35 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Jan Urbański (wulczer(at)wulczer(dot)org) wrote:
>> On 04/11/10 14:09, Robert Haas wrote:
>> > Hmm, I wonder how useful this is given that restriction.
>>
>> As KaiGai mentined, it's more to make bruteforcing difficult (read: tmie
>> consuming), right?
>
> Which it would still do, since the attacker would be bumping up against
> max_connections. max_connections would be a DOS point, but that's no
> different from today.
I haven' t thought of a way to test this, so I guess I'll just ask.
If the attacking client just waits a few milliseconds for a response
and then drops the socket, opening a new one, will the server-side
walking-dead process continue to be charged against max_connections
until it's sleep expires?
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-11-27 19:46:56 | Re: pgsql: Remove outdated comments from the regression test files. |
| Previous Message | Bruce Momjian | 2010-11-27 19:31:31 | Re: GiST insert algorithm rewrite |