Re: Locking out a user after several failed login attempts

From: "mark" <dvlhntr(at)gmail(dot)com>
To: "'Jean-Yves F(dot) Barbier'" <12ukwn(at)gmail(dot)com>, "'Mike Thomsen'" <mikerthomsen(at)gmail(dot)com>
Cc: <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Locking out a user after several failed login attempts
Date: 2011-06-30 13:10:43
Message-ID: 009901cc3727$1f005730$5d010590$@com
Lists: pgsql-novice

> -----Original Message-----
> From: pgsql-novice-owner(at)postgresql(dot)org [mailto:pgsql-novice-
> owner(at)postgresql(dot)org] On Behalf Of Jean-Yves F. Barbier
> Sent: Wednesday, June 29, 2011 10:01 AM
> To: Mike Thomsen
> Cc: pgsql-novice(at)postgresql(dot)org
> Subject: Re: [NOVICE] Locking out a user after several failed login
> attempts
>
> On Wed, 29 Jun 2011 11:43:00 -0400, Mike Thomsen
> <mikerthomsen(at)gmail(dot)com>
> wrote:
>
>
>
> > Yes, we're logging all connections to the database.
>
> I'm interested in that (you can send it to me as a PM.)
>
> So, you just have to add a counter to your login table:
>           +------------------------------------+
>           |                                    |
>     login attempt-----good----reset CTR to 1   |
>           |                                    |
>          bad                                   |
>           |                                    |
>        CTR += 1                                |
>           |                                    |
>        CTR > 3?-------no-----------------------+
>           |
>          yes
>           |

That might be OK on a small application with a limited number of users. A few thousand login attempts per minute and you are probably going to wish the counter lived outside of your RDBMS.
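
The counter from the quoted diagram, kept in process memory rather than in a login table, as an added example that is not part of the original message or of either poster's code. The class and function names are hypothetical, a single application process is assumed, and because the diagram is cut off after "yes", locking the account at that point is an assumption taken from the thread subject.

```python
import threading
from collections import Counter

MAX_CTR = 3  # threshold from the quoted diagram: act when CTR > 3


class LoginCounter:
    """Failed-login counter kept in process memory instead of a table."""

    def __init__(self, max_ctr=MAX_CTR):
        self._max_ctr = max_ctr
        self._ctr = {}         # user -> CTR; a user never seen starts at 1
        self._locked = set()   # users whose CTR went past the threshold
        self._mutex = threading.Lock()

    def attempt(self, user, password_ok):
        """Record one attempt and return 'ok', 'bad' or 'locked'."""
        with self._mutex:  # read-modify-write of CTR must be atomic
            if user in self._locked:
                return "locked"  # assumption: stays locked until unlock()
            if password_ok:
                self._ctr[user] = 1               # good: reset CTR to 1
                return "ok"
            ctr = self._ctr.get(user, 1) + 1      # bad: CTR += 1
            self._ctr[user] = ctr
            if ctr > self._max_ctr:               # CTR > 3? yes
                self._locked.add(user)
                return "locked"
            return "bad"                          # CTR > 3? no

    def unlock(self, user):
        """Administrative reset (hypothetical helper, not in the diagram)."""
        with self._mutex:
            self._locked.discard(user)
            self._ctr[user] = 1


def hammer(counter, user, n_threads):
    """Send n_threads concurrent bad attempts and tally the outcomes."""
    results = []
    def worker():
        results.append(counter.attempt(user, False))
    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return Counter(results)


if __name__ == "__main__":
    print(hammer(LoginCounter(), "alice", 8))
```

The counts are lost when the process restarts and are not shared between application servers, so a persistent lock flag still has to be stored somewhere durable.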
