From: | Holger Marzen <holger(at)marzen(dot)de> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | mod_auth_pgsql for Apache and limiting the number of login attempts |
Date: | 2003-08-10 19:59:45 |
Message-ID: | Pine.LNX.4.50.0308102144210.18547-100000@bluebell.marzen.de |
Lists: | pgsql-general |

Hi all,

I have been using mod_auth_pgsql for Apache 1.3 for a long time. But I
always wished that I could limit the number of attempts, so no one can
try as often as he wants to.

Unfortunately the author of mod_auth_pgsql didn't answer, so I had to do
it myself. But I didn't want to make major changes in mod_auth_pgsql
because I had no experience in writing Apache modules. My approach was
as follows:

- Add a line in mod_auth_pgsql to write a row in the logging table even
  if the password entered was wrong. The original module only logs
  successful attempts.
- Write a function that increases a counter in the user table if the
  password was wrong and sets the counter to 0 if the password was
  correct.
- Set a trigger that executes that function whenever a row in the
  logging table is inserted.
- Include the test for exceeded number of unsuccessful attempts in
  .htaccess.

Oh, and I installed the crypto functions from contrib so I can store the
passwords in hashed form, and I added some enable/disable fields so a
user can be temporarily disabled without resetting his password or
deleting him.

Works fine. If anyone is interested, just email me for the scripts.

Holger

--
PGP/GPG Key-ID:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1
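
A sketch of the trigger approach described in the message above, added here as an example and not the poster's own scripts. The table, column and function names, the `success` column written by the patched module, the bcrypt hash format and the threshold of 3 are all assumptions; it targets a current PostgreSQL with pgcrypto installed.

```sql
-- Added example; all table, column and function names are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;       -- the contrib crypto functions

CREATE TABLE web_users (
    username        text PRIMARY KEY,
    pwd_hash        text NOT NULL,              -- crypt() output, never plaintext
    enabled         boolean NOT NULL DEFAULT true,
    failed_attempts integer NOT NULL DEFAULT 0
);

CREATE TABLE web_login_log (
    username  text NOT NULL,
    logged_at timestamptz NOT NULL DEFAULT now(),
    success   boolean NOT NULL                  -- assumed: set by the patched module
);

CREATE FUNCTION track_login_attempt() RETURNS trigger AS $$
BEGIN
    IF NEW.success THEN
        UPDATE web_users SET failed_attempts = 0
         WHERE username = NEW.username;
    ELSE
        -- A single UPDATE, so concurrent failures serialise on the row lock
        -- and no increment is lost.
        UPDATE web_users SET failed_attempts = failed_attempts + 1
         WHERE username = NEW.username;
    END IF;
    RETURN NEW;   -- unknown usernames match no row and are only logged
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER web_login_log_count
    AFTER INSERT ON web_login_log
    FOR EACH ROW EXECUTE PROCEDURE track_login_attempt();

-- Constructed sample data: one account, then three wrong passwords.
INSERT INTO web_users (username, pwd_hash)
VALUES ('alice', crypt('constructed-sample-password', gen_salt('bf')));
INSERT INTO web_login_log (username, success)
VALUES ('alice', false), ('alice', false), ('alice', false);

-- The password lookup with the lockout test included (threshold assumed);
-- it now returns no row for alice, so authentication fails.
SELECT pwd_hash FROM web_users
 WHERE username = 'alice' AND enabled AND failed_attempts < 3;
```

With this design a locked account cannot reset its own counter, because no login can succeed once the lookup returns no row; an administrator has to set `failed_attempts` back to 0, and anyone who knows a username can trigger the lock.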