Re: contrib: auth_delay module

Kouhei Kaigai <kaigai@ak.jp.nec.com>

From: KaiGai Kohei <kaigai@ak.jp.nec.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: "Ross J. Reedstrom" <reedstrm@rice.edu>, Stephen Frost <sfrost@snowman.net>, Jan Urbański <wulczer@wulczer.org>, Itagaki Takahiro <itagaki.takahiro@gmail.com>, KaiGai Kohei <kaigai@kaigai.gr.jp>, PostgreSQL-Hackers <pgsql-hackers@postgresql.org>
Date: 2010-11-25T06:18:38Z
Lists: pgsql-hackers

Attachments

(2010/11/19 16:57), KaiGai Kohei wrote:
> (2010/11/18 2:17), Robert Haas wrote:
>> On Wed, Nov 17, 2010 at 10:32 AM, Ross J. Reedstrom<reedstrm@rice.edu> wrote:
>>> On Tue, Nov 16, 2010 at 09:41:37PM -0500, Robert Haas wrote:
>>>> On Tue, Nov 16, 2010 at 8:15 PM, KaiGai Kohei<kaigai@ak.jp.nec.com> wrote:
>>>>> If we don't need a PoC module for each new hooks, I'm not strongly
>>>>> motivated to push it into contrib tree.
>>>>> How about your opinion?
>>>>
>>>> I'd say let it go, unless someone else feels strongly about it.
>>>
>>> I would use this module (rate limit new connection attempts) as soon as
>>> I could. Putting a cap on potential CPU usage on a production DB by either
>>> a blackhat or mistake by a developer caused by a mistake in
>>> configuration (leaving the port accessible) is definitely useful, even
>>> in the face of max_connections. My production apps already have
>>> their connections and seldom need new ones. They all use CPU though.
>>
>> If KaiGai updates the code per previous discussion, would you be
>> willing to take a crack at adding documentation?
>>
>> P.S. Your email client seems to be setting the Reply-To address to a
>> ridiculous value.
>>
> OK, I'll revise my patch according to the previous discussion.

The attached patch is revised version.

- Logging part within auth_delay was removed. This module now focuses on
   injection of a few seconds delay on authentication failed.
- Documentation parts were added like any other contrib modules.

Thanks,
-- 
KaiGai Kohei <kaigai@ak.jp.nec.com>