From: | "mark" <dvlhntr(at)gmail(dot)com> |
---|---|
To: | "'Jean-Yves F(dot) Barbier'" <12ukwn(at)gmail(dot)com>, "'Mike Thomsen'" <mikerthomsen(at)gmail(dot)com> |
Cc: | <pgsql-novice(at)postgresql(dot)org> |
Subject: | Re: Locking out a user after several failed login attempts |
Date: | 2011-06-30 13:10:43 |
Message-ID: | 009901cc3727$1f005730$5d010590$@com |
Lists: | pgsql-novice |
> -----Original Message-----
> From: pgsql-novice-owner(at)postgresql(dot)org [mailto:pgsql-novice-
> owner(at)postgresql(dot)org] On Behalf Of Jean-Yves F. Barbier
> Sent: Wednesday, June 29, 2011 10:01 AM
> To: Mike Thomsen
> Cc: pgsql-novice(at)postgresql(dot)org
> Subject: Re: [NOVICE] Locking out a user after several failed login
> attempts
>
> On Wed, 29 Jun 2011 11:43:00 -0400, Mike Thomsen
> <mikerthomsen(at)gmail(dot)com>
> wrote:
>
>
>
> > Yes, we're logging all connections to the database.
>
> I'm interested in that (you can send it to me as a PM.)
>
> So, you just have to add a counter to your login table:
>       +------------------------------------+
>       |                                    |
> login attempt-----good----reset CTR to 1   |
>       |                                    |
>      bad                                   |
>       |                                    |
>    CTR += 1                                |
>       |                                    |
>    CTR > 3?-------no-----------------------+
>       |
>      yes
>       |
That might be OK on a small application with a limited number of users. A few thousand login attempts per min and you are probably going to wish the counter lived outside of your RDBMS.
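
The in-table counter from the quoted diagram, as an added example that is not part of either poster's message. Python's built-in sqlite3 stands in for PostgreSQL so it runs offline; the `login` table, `login_attempt` and `open_db` are hypothetical names, and the `locked` column is an assumption, since the diagram's "yes" branch is cut off in the quote.

```python
import sqlite3

MAX_CTR = 3  # diagram: take the "yes" branch once CTR > 3

# Hypothetical login table; sample users below are constructed for the demo.
SCHEMA = """
CREATE TABLE login (
    username TEXT PRIMARY KEY,
    ctr      INTEGER NOT NULL DEFAULT 1,  -- diagram resets to 1, so start at 1
    locked   INTEGER NOT NULL DEFAULT 0   -- assumed action for the "yes" branch
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO login (username) VALUES (?)",
                     [("alice",), ("bob",)])
    conn.commit()
    return conn

def login_attempt(conn, username, password_ok):
    """Apply one pass of the diagram; return 'ok', 'denied' or 'locked'."""
    with conn:  # one transaction per attempt
        if password_ok:
            # good: reset CTR to 1, but never for an already locked account
            cur = conn.execute(
                "UPDATE login SET ctr = 1 WHERE username = ? AND locked = 0",
                (username,))
            if cur.rowcount == 1:
                return "ok"
        else:
            # bad: CTR += 1 and the CTR > 3 test in one statement, so two
            # concurrent failures cannot both act on the same old value
            conn.execute(
                "UPDATE login SET ctr = ctr + 1, "
                "locked = CASE WHEN ctr + 1 > ? THEN 1 ELSE locked END "
                "WHERE username = ?",
                (MAX_CTR, username))
        row = conn.execute("SELECT locked FROM login WHERE username = ?",
                           (username,)).fetchone()
    # unknown users get the same answer as a wrong password
    return "locked" if row and row[0] else "denied"
```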