| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Geoff Winkless <pgsqladmin(at)geoff(dot)dj> |
| Cc: | Tim Cross <theophilusx(at)gmail(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Lock Postgres account after X number of failed logins? |
| Date: | 2020-05-06 13:28:28 |
| Message-ID: | 20200506132828.GP13712@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Greetings,
* Geoff Winkless (pgsqladmin(at)geoff(dot)dj) wrote:
> On Wed, 6 May 2020 at 00:05, Tim Cross <theophilusx(at)gmail(dot)com> wrote:
> > Where Tom's solution fails is with smaller companies that cannot afford
> > this level of infrastructure.
>
> Is there an objection to openldap? It's lightweight (so could
> reasonably be run on the same hardware without significant impact),
> BSD-ish and mature, and (with the password policy overlay) should
> provide exactly the functionality the OP requested.
LDAP-based authentication in PG involves passing the user's password to
the database server in the clear (or tunneled through SSL, but that
doesn't help if the DB is compromised), so it's really not a good
solution.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christian Ramseyer | 2020-05-06 13:29:36 | Re: Encoding conversion: Use replacement character instead of failing query with "ERROR: character with byte sequence 0xd0 0xad in encoding "UTF8" has no equivalent in encoding LATIN1" ? |
| Previous Message | Ram Pratap Maurya | 2020-05-06 13:21:51 | RE: Abnormal Growth of Index Size - Index Size 3x large than table size. |