From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "mark" <dvlhntr(at)gmail(dot)com> |
Cc: | "'Jean-Yves F(dot) Barbier'" <12ukwn(at)gmail(dot)com>, "'Mike Thomsen'" <mikerthomsen(at)gmail(dot)com>, pgsql-novice(at)postgresql(dot)org |
Subject: | Re: Locking out a user after several failed login attempts |
Date: | 2011-07-01 22:51:34 |
Message-ID: | 7068.1309560694@sss.pgh.pa.us |
Lists: | pgsql-novice |
"mark" <dvlhntr(at)gmail(dot)com> writes:
>> From: pgsql-novice-owner(at)postgresql(dot)org [mailto:pgsql-novice-
>> owner(at)postgresql(dot)org] On Behalf Of Jean-Yves F. Barbier
>> So, you just have to add a counter to your login table:
> That might be OK on a small application with a limited number of users. A few thousand login attempts per min and you are probably going to wish the counter lived outside of your RDBMS.

Usually, when somebody asks for this or related security-policy hacks,
we suggest using PAM for authentication. There are already PAM modules
for practically any reasonable password policy, so why reinvent the
wheel ...

regards, tom lane