From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL WWW Mailing List <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: Wiki 2FA |
Date: | 2016-01-23 23:51:40 |
Message-ID: | 56A4120C.7040207@commandprompt.com |
Lists: | pgsql-www |

On 01/23/2016 03:49 PM, Tom Lane wrote:
> "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
>> On 01/23/2016 03:35 PM, Tom Lane wrote:
>>> I doubt it would help much unless we required a 2FA auth cycle for
>>> every single edit, which I for one wouldn't stand for. Reasonably
>>> user-friendly policies like one auth a day would still be plenty
>>> easy for spammers too. (They've got phones too ya know.)
>
>> Bummer, o.k. Although it seems that spammers only go after easy targets.
>
> I dunno. I was astonished that they came back a second time after we'd
> once thrown them off and cleaned up the mess; you'd think they'd realize
> that that would just happen again. I think it may have been an
> intentional attack on the PG project as such, not just drive-by spamming.
> (If so, and if the goal was to complicate our lives, they succeeded.)
>
> Or maybe I'm just too paranoid.

Hrm, do we have the IPs that they were coming from? Were they from a
specific block? Or GEO region? I hate the idea of blocking login from a
region but it may be an unfortunate reality.

Sincerely,

JD

>
> regards, tom lane
>
--
Command Prompt, Inc. http://the.postgres.company/
+1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.