From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
---|---|
To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
Cc: | Michael Banck <mbanck(at)gmx(dot)net>, Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com>, Abhijit Menon-Sen <ams(at)toroid(dot)org>, pgsql-hackers(at)lists(dot)postgresql(dot)org, 成之焕 <zhcheng(at)ceresdata(dot)com> |
Subject: | Re: [PATCH] Exponential backoff for auth_delay |
Date: | 2024-03-06 16:10:45 |
Message-ID: | 20240306161045.GA3542434@nathanxps13 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Mar 05, 2024 at 05:14:46PM -0800, Jacob Champion wrote:
> On Tue, Mar 5, 2024 at 1:51 PM Nathan Bossart <nathandbossart(at)gmail(dot)com> wrote:
>> I don't have a strong opinion about making this configurable, but I do
>> think we should consider making this a hash table so that we can set
>> MAX_CONN_RECORDS much higher.
>
> I'm curious why? It seems like the higher you make MAX_CONN_RECORDS,
> the easier it is to put off the brute-force protection. (My assumption
> is that anyone mounting a serious attack is not going to be doing this
> from their own computer; they'll be doing it from many devices they
> don't own -- a botnet, or a series of proxies, or something.)
Assuming you are referring to the case where we run out of free slots in
acr_array, I'm not sure I see that as desirable behavior. Once you run out
of slots, all failed authentication attempts are now subject to the maximum
delay, which is arguably a denial-of-service scenario, albeit not a
particularly worrisome one.
I also think the linear search approach artifically constrains the value of
MAX_CONN_RECORDS, so even if a user wanted to bump it up substantially for
their own build, they'd potentially begin noticing the effects of the O(n)
behavior. AFAICT this is really the only reason this value is set so low
at the moment, as I don't think the memory usage or code complexity of a
hash table with thousands of slots would be too bad. In fact, it might
even be simpler to use hash_search() instead of hard-coding linear searches
in multiple places.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
From | Date | Subject | |
---|---|---|---|
Next Message | Nathan Bossart | 2024-03-06 16:19:26 | Re: Switching XLog source from archive to streaming when primary available |
Previous Message | Robert Haas | 2024-03-06 16:05:36 | Re: Add system identifier to backup manifest |