Re: Locking out a user after several failed login attempts
| От | mark |
|---|---|
| Тема | Re: Locking out a user after several failed login attempts |
| Дата | |
| Msg-id | 009901cc3727$1f005730$5d010590$@com обсуждение исходный текст |
| Ответ на | Re: Locking out a user after several failed login attempts ("Jean-Yves F. Barbier" <12ukwn@gmail.com>) |
| Ответы |
Re: Locking out a user after several failed login attempts
Re: Locking out a user after several failed login attempts |
| Список | pgsql-novice |
> -----Original Message----- > From: pgsql-novice-owner@postgresql.org [mailto:pgsql-novice- > owner@postgresql.org] On Behalf Of Jean-Yves F. Barbier > Sent: Wednesday, June 29, 2011 10:01 AM > To: Mike Thomsen > Cc: pgsql-novice@postgresql.org > Subject: Re: [NOVICE] Locking out a user after several failed login > attempts > > On Wed, 29 Jun 2011 11:43:00 -0400, Mike Thomsen > <mikerthomsen@gmail.com> > wrote: > > > > > Yes, we're logging all connections to the database. > > I'm interested into that (you can it send to me as a PM.) > > So, you just have to add a counter to your login table: > +------------------------------------+ > | | > login attempt-----good----reset CTR to 1 | > | | > bad | > | | > CTR += 1 | > | | > CTR > 3?-------no-----------------------+ > | > yes > | That might be a ok on a small application with a limited number of users. A few thousand login attempts per min and you areprobably going to wish the counter lived outside of your RDBMS.
В списке pgsql-novice по дате отправления: