| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL WWW Mailing List <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: Wiki 2FA |
| Date: | 2016-01-23 23:49:13 |
| Message-ID: | 12012.1453592953@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
"Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
> On 01/23/2016 03:35 PM, Tom Lane wrote:
>> I doubt it would help much unless we required a 2FA auth cycle for
>> every single edit, which I for one wouldn't stand for. Reasonably
>> user-friendly policies like one auth a day would still be plenty
>> easy for spammers too. (They've got phones too ya know.)
> Bummer, o.k. Although it seems that spammers only go after easy targets.
I dunno. I was astonished that they came back a second time after we'd
once thrown them off and cleaned up the mess; you'd think they'd realize
that that would just happen again. I think it may have been an
intentional attack on the PG project as such, not just drive-by spamming.
(If so, and if the goal was to complicate our lives, they succeeded.)
Or maybe I'm just too paranoid.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2016-01-23 23:51:40 | Re: Wiki 2FA |
| Previous Message | Joshua D. Drake | 2016-01-23 23:44:12 | Re: Wiki 2FA |