From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Jan Urbański <wulczer(at)wulczer(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, PostgreSQL-Hackers <pgsql-hackers(at)postgresql(dot)org>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
Subject: | Re: contrib: auth_delay module |
Date: | 2010-11-29 00:12:39 |
Message-ID: | AANLkTinLoJSTNOpPUoOC1Q=dGRT7LRxv5gr1Xez1DAha@mail.gmail.com |
Lists: | pgsql-hackers |
On Sun, Nov 28, 2010 at 7:10 PM, Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
> Oh, I wasn't complaining. I think that having max_connections be
> charged for the duration even if the socket is dropped is the only
> reasonable thing to do, and wanted to verify that it did happen.
> Otherwise the module wouldn't do a very good job at its purpose; the
> attacker would simply wait a few milliseconds and then assume it got
> the wrong password and kill the connection and start a new one.
Good point.
> Preventing the brute force password attack by shunting it into a DOS
> attack instead seems reasonable.
OK.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company