Re: Rejecting weak passwords
Gurjeet Singh <singh.gurjeet@gmail.com>
From: Gurjeet Singh <singh.gurjeet@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Josh Berkus <josh@agliodbs.com>, marcin mank <marcin.mank@gmail.com>, Marko Kreen <markokr@gmail.com>, Albe Laurenz <laurenz.albe@wien.gv.at>, Andrew Dunstan <andrew@dunslane.net>, mlortiz@uci.cu, Magnus Hagander <magnus@hagander.net>, pgsql-hackers@postgresql.org
Date: 2009-09-29T13:07:40Z
Lists: pgsql-hackers
On Tue, Sep 29, 2009 at 4:49 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Josh Berkus <josh@agliodbs.com> writes:
> > Hmmm, that would be a useful, easy (I think) security feature: add a GUC
> > for failed_logins_allowed.
>
> And the counts would be tracked and enforced where?
>
>
Combining this with other suggestion:
.) Provide a GUC failed_logins_allowed
.) Add MAX FAILED LOGINS option to ADD/ALTER USER, which defaults to the GUC
if not provided in the command.
.) Track per-user failed attempt counts in shared catalog, and reset on a
successful login.
Best regards,
--
Lets call it Postgres
EnterpriseDB http://www.enterprisedb.com
gurjeet[.singh]@EnterpriseDB.com
singh.gurjeet@{ gmail | hotmail | indiatimes | yahoo }.com
Twitter: singh_gurjeet
Skype: singh_gurjeet
Mail sent from my BlackLaptop device