Re: contrib: auth_delay module
| От | Jeff Janes |
|---|---|
| Тема | Re: contrib: auth_delay module |
| Дата | |
| Msg-id | AANLkTingqcuZz7hBRO9mtiHe1VYUTCfX2vOErLHdaXzc@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: contrib: auth_delay module (Stephen Frost <sfrost@snowman.net>) |
| Ответы |
Re: contrib: auth_delay module
|
| Список | pgsql-hackers |
On Thu, Nov 4, 2010 at 6:35 AM, Stephen Frost <sfrost@snowman.net> wrote: > * Jan Urbański (wulczer@wulczer.org) wrote: >> On 04/11/10 14:09, Robert Haas wrote: >> > Hmm, I wonder how useful this is given that restriction. >> >> As KaiGai mentined, it's more to make bruteforcing difficult (read: tmie >> consuming), right? > > Which it would still do, since the attacker would be bumping up against > max_connections. max_connections would be a DOS point, but that's no > different from today. I haven' t thought of a way to test this, so I guess I'll just ask. If the attacking client just waits a few milliseconds for a response and then drops the socket, opening a new one, will the server-side walking-dead process continue to be charged against max_connections until it's sleep expires? Cheers, Jeff
В списке pgsql-hackers по дате отправления: