| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | 成之焕 <zhcheng(at)ceresdata(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: contrib: auth_delay module |
| Date: | 2022-11-17 22:37:51 |
| Message-ID: | 2054975.1668724671@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
=?UTF-8?B?5oiQ5LmL54SV?= <zhcheng(at)ceresdata(dot)com> writes:
> The attached patch is a contrib module to set login restrictions on users with
> too many authentication failure. The administrator could manage several GUC
> parameters to control the login restrictions which are listed below.
> - set the wait time when password authentication fails.
> - allow the wait time grows when users of the same IP consecutively logon failed.
> - set the maximum authentication failure number from the same user. The system
> will prevent a user who gets too many authentication failures from entering the
> database.
I'm not yet forming an opinion on whether this is useful enough
to accept. However, I wonder why you chose to add this functionality
to auth_delay instead of making a new, independent module.
It seems fairly unrelated to what auth_delay does, and the
newly-created requirement that the module be preloaded might
possibly break some existing use-case for auth_delay.
Also, a patch that lacks user documentation and has no code comments to
speak of seems unlikely to draw serious review.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2022-11-17 22:47:48 | Re: Strange failure on mamba |
| Previous Message | Thomas Munro | 2022-11-17 22:35:10 | Re: Strange failure on mamba |