Re: advanced Apache authorization: updates triggered by select?

On Tuesday 17 Sep 2002 3:44 pm, Holger Marzen wrote:
> Hi boys (and girls)?
>
> Authorization to web contents can be eaysily done with some Apache
> modules like mod_auth_pgsql (I wrote a little summary some time ago on
> http://bluebell.marzen.de/mod_auth_pgsql/).
>
> But what if we need some kind of protection agains brute force attacks?
> The modules are usually designed to do only selects. Is it possible to
> write some kind of magic that updates the same or another table at the
> same time?

> - If userid/password is correct then set a counter for this userid to
>   zero.
> - If userid/password is not correct then increment the counter for this
>   userid.

You'll want to write a plpgsql function so you can do:

SELECT check_password('user','password');

Then in check_password you can do your counting. See the Programmers Guide pt
III and http://techdocs.postgresql.org/ for help on writing functions.

Ideally, you could do this with a view and a SELECT rule, but SELECT rules
seem to only allow a single action and that has to be a SELECT.

HTH

- Richard Huxton