Quick Links

Re: Lock after several failed login attempts

From:	Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To:	postbox giridhar <giridharpostbox(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org
Subject:	Re: Lock after several failed login attempts
Date:	2021-03-10 08:14:46
Message-ID:	8d7c07866ad29e48489d8bae07d519d455f95ccb.camel@cybertec.at
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

On Tue, 2021-03-09 at 23:42 +0530, postbox giridhar wrote:
> Is it possible to lock a database user after several failed login attempts.
> Please suggest me.

The only thing built into PostgreSQL that does something in that direction
is auth_delay (https://www.postgresql.org/docs/current/auth-delay.html)

It introduces a pause after each failed login attempt, which makes
brute force attacks much harder.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com

In response to

Lock after several failed login attempts at 2021-03-09 18:12:06 from postbox giridhar

Browse pgsql-admin by date

	From	Date	Subject
Next Message	dbatoCloud Solution	2021-03-10 15:28:00	partition table insert error!
Previous Message	Tim	2021-03-10 02:24:00	Logical Replication: Initial Snapshot For Large DB