| From: | Holger Marzen <holger(at)marzen(dot)de> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | advanced Apache authorization: updates triggered by select? |
| Date: | 2002-09-17 14:44:29 |
| Message-ID: | Pine.LNX.4.44.0209171633500.17072-100000@bluebell.marzen.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi boys (and girls)?
Authorization to web contents can be eaysily done with some Apache
modules like mod_auth_pgsql (I wrote a little summary some time ago on
http://bluebell.marzen.de/mod_auth_pgsql/).
But what if we need some kind of protection agains brute force attacks?
The modules are usually designed to do only selects. Is it possible to
write some kind of magic that updates the same or another table at the
same time?
For every select there should automagically the following logic be
triggered:
- If userid/password is correct then set a counter for this userid to
zero.
- If userid/password is not correct then increment the counter for this
userid.
That should be enough because the password check could include something
like "and counter <= 5".
Any ideas?
--
PGP/GPG Key-ID:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Wim | 2002-09-17 14:46:00 | Re: [GENERAL] Still big problems with pg_dump! |
| Previous Message | Jan Wieck | 2002-09-17 14:42:58 | Re: connecting inside pl/pgsql |