Re: Locking out a user after several failed login attempts

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "mark" <dvlhntr(at)gmail(dot)com>
Cc: "'Jean-Yves F(dot) Barbier'" <12ukwn(at)gmail(dot)com>, "'Mike Thomsen'" <mikerthomsen(at)gmail(dot)com>, pgsql-novice(at)postgresql(dot)org
Subject: Re: Locking out a user after several failed login attempts
Date: 2011-07-01 22:51:34
Lists: pgsql-novice

"mark" <dvlhntr(at)gmail(dot)com> writes:
>> From: pgsql-novice-owner(at)postgresql(dot)org [mailto:pgsql-novice-
>> owner(at)postgresql(dot)org] On Behalf Of Jean-Yves F. Barbier
>> So, you just have to add a counter to your login table:

> That might be OK on a small application with a limited number of users. A few thousand login attempts per min and you are probably going to wish the counter lived outside of your RDBMS.

Usually, when somebody asks for this or related security-policy hacks,
we suggest using PAM for authentication.  There are already PAM modules
for practically any reasonable password policy, so why reinvent the
wheel ...

			regards, tom lane
