Re: Lock Postgres account after X number of failed logins?

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Geoff Winkless <pgsqladmin(at)geoff(dot)dj>
Cc: Tim Cross <theophilusx(at)gmail(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Lock Postgres account after X number of failed logins?
Date: 2020-05-06 13:28:28
Message-ID: 20200506132828.GP13712@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Greetings,

* Geoff Winkless (pgsqladmin(at)geoff(dot)dj) wrote:
> On Wed, 6 May 2020 at 00:05, Tim Cross <theophilusx(at)gmail(dot)com> wrote:
> > Where Tom's solution fails is with smaller companies that cannot afford
> > this level of infrastructure.
>
> Is there an objection to openldap? It's lightweight (so could
> reasonably be run on the same hardware without significant impact),
> BSD-ish and mature, and (with the password policy overlay) should
> provide exactly the functionality the OP requested.

LDAP-based authentication in PG involves passing the user's password to
the database server in the clear (or tunneled through SSL, but that
doesn't help if the DB is compromised), so it's really not a good
solution.

Thanks,

Stephen

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Christian Ramseyer 2020-05-06 13:29:36 Re: Encoding conversion: Use replacement character instead of failing query with "ERROR: character with byte sequence 0xd0 0xad in encoding "UTF8" has no equivalent in encoding LATIN1" ?
Previous Message Ram Pratap Maurya 2020-05-06 13:21:51 RE: Abnormal Growth of Index Size - Index Size 3x large than table size.