Re: brute force attacking the password

From: Enrico Weigelt <weigelt(at)metux(dot)de>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: brute force attacking the password
Date: 2005-05-11 22:25:48
Message-ID: 20050511222548.GD6485@nibiru.borg.metux.de
Lists: pgsql-admin
* Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> wrote:

<snip>
> since brute force attacks are quite traceable (targeting one and the
> same user eg..),
> one could write a script to check:
> - the percentage of failed logins/user, depending on the percentage (eg
> 75% or more failed, this should be configurable), these events should be
> reported in security.log file under the postgres log directory, or
> mailed to user (inetd...)
> - if there are more than eg 10 (this should be configurable) failed
> consecutive logins/user, this should again be reported.

BTW: is it possible to do this directly in the database - by rules and
triggers on the appropriate system tables?


cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service
  phone:     +49 36207 519931         www:       http://www.metux.de/
  fax:       +49 36207 519932         email:     contact(at)metux(dot)de
---------------------------------------------------------------------
  Realtime Forex/Stock Exchange trading powered by postgresSQL :))
                                            http://www.fxignal.net/
---------------------------------------------------------------------
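
Added example, not part of the original message or of PostgreSQL: a sketch of the external log-checking script proposed in the quoted text (failure percentage per user and consecutive failures per user, both configurable), run over constructed server log lines. It assumes `log_connections` is on so that successful logins are logged; the `min_attempts` floor and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Message texts PostgreSQL writes for failed and successful password logins
# (successes appear only when log_connections is on; assumed here).
FAIL = re.compile(r'FATAL:\s+password authentication failed for user "([^"]+)"')
OK = re.compile(r'LOG:\s+connection authorized: user=(\S+)')

def scan(lines, max_fail_pct=75.0, max_consecutive=10, min_attempts=4):
    """Return {user: [reasons]} for users crossing either threshold.
    min_attempts (an assumption of this example) keeps a single typo
    from counting as a 100% failure rate."""
    stats = defaultdict(lambda: {"ok": 0, "fail": 0, "run": 0, "worst_run": 0})
    for line in lines:
        if m := FAIL.search(line):
            s = stats[m.group(1)]
            s["fail"] += 1
            s["run"] += 1
            s["worst_run"] = max(s["worst_run"], s["run"])
        elif m := OK.search(line):
            s = stats[m.group(1)]
            s["ok"] += 1
            s["run"] = 0  # a success ends the consecutive-failure run
    report = {}
    for user, s in stats.items():
        total = s["ok"] + s["fail"]
        pct = 100.0 * s["fail"] / total
        reasons = []
        if total >= min_attempts and pct >= max_fail_pct:
            reasons.append(f"{pct:.0f}% of {total} logins failed")
        if s["worst_run"] > max_consecutive:
            reasons.append(f"{s['worst_run']} consecutive failed logins")
        if reasons:
            report[user] = reasons
    return report

def sample_log():
    """Constructed log lines, not taken from a real server."""
    ts = "2005-05-11 22:00:00 CEST"
    fail = f'{ts} FATAL:  password authentication failed for user "{{}}"'
    ok = f"{ts} LOG:  connection authorized: user={{}} database=app"
    lines = [fail.format("postgres")] * 12                      # 12 in a row
    lines += [ok.format("alice")] * 5 + [fail.format("alice")]  # one typo
    lines += [fail.format("bob")] * 3 + [ok.format("bob")]      # 75% failed
    return lines

if __name__ == "__main__":
    for user, reasons in scan(sample_log()).items():
        print(f"SECURITY {user}: " + "; ".join(reasons))
```

The printed lines could be appended to a `security.log` or mailed, as the quoted text suggests; the regular expressions search anywhere in the line, so they work with any `log_line_prefix`.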
