| From: | Enrico Weigelt <weigelt(at)metux(dot)de> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: brute force attacking the password |
| Date: | 2005-05-11 22:25:48 |
| Message-ID: | 20050511222548.GD6485@nibiru.borg.metux.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
* Wim Bertels <wim(dot)bertels(at)khleuven(dot)be> wrote:
<snip>
> since brute force attacks are quit traceable (targetting one and the
> same user eg..),
> one could a script to check:
> - the percentage of failed logins/user, depending on the percentage (eg
> 75% or more failed, this should be configurable), these events should be
> reporteg in security.log file under the postgres log directory, or
> mailed to user (inetd...)
> - if there are more than eg 10 (this should be configurable) failed
> consecutive logins/user, this should again be reported.
BTW: is it possible to do this directly in the database - by rules and
triggers on the appropriate system tables ?
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: contact(at)metux(dot)de
---------------------------------------------------------------------
Realtime Forex/Stock Exchange trading powered by postgresSQL :))
http://www.fxignal.net/
---------------------------------------------------------------------
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2005-05-11 22:25:55 | Re: [GENERAL] Storing database in WORM devices |
| Previous Message | Enrico Weigelt | 2005-05-11 22:23:05 | Re: brute force attacking the password |