> > No, there is not. Does anyone want to suggest a possible implementation
> > for the TODO list?
> I would like to see a combination of number of login failures and a
> timeout, configurable via the conf file. Say, X login failures
> disables further logins for that account for Y minutes.
> That would be groovy. :)
And dangerous. Imagine a system with say, apache accound used
from some Apache application. And a maluser who purposefully
tries to log in to "apache" account and fails, thus causing a DoS
on the web application. :)
...of course with careful planning and right implementation it
would be very good.
Anyway, a simple 'sleep 2 seconds before telling that password
was wrong' would be a good addition anyhow. [ if it already is
inside PgSQL, please forgive me :) ]
In response to
pgsql-admin by date
|Next:||From: Pallav Kalva||Date: 2005-04-18 21:05:53|
|Subject: Re: Postgres Log rotation not working in 8.0.2|
|Previous:||From: Bruce Momjian||Date: 2005-04-18 20:55:45|
|Subject: Re: brute force attacking the password|