Re: Locking out a user after several failed login attempts - Mailing list pgsql-novice

From mark
Subject Re: Locking out a user after several failed login attempts
Date
Msg-id 009901cc3727$1f005730$5d010590$@com
In response to Re: Locking out a user after several failed login attempts  ("Jean-Yves F. Barbier" <12ukwn@gmail.com>)
Responses Re: Locking out a user after several failed login attempts  ("Jean-Yves F. Barbier" <12ukwn@gmail.com>)
Re: Locking out a user after several failed login attempts  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-novice

> -----Original Message-----
> From: pgsql-novice-owner@postgresql.org [mailto:pgsql-novice-
> owner@postgresql.org] On Behalf Of Jean-Yves F. Barbier
> Sent: Wednesday, June 29, 2011 10:01 AM
> To: Mike Thomsen
> Cc: pgsql-novice@postgresql.org
> Subject: Re: [NOVICE] Locking out a user after several failed login
> attempts
>
> On Wed, 29 Jun 2011 11:43:00 -0400, Mike Thomsen
> <mikerthomsen@gmail.com>
> wrote:
>
>
>
> > Yes, we're logging all connections to the database.
>
> I'm interested in that (you can send it to me as a PM.)
>
> So, you just have to add a counter to your login table:
>       +------------------------------------+
>       |                                    |
> login attempt-----good----reset CTR to 1   |
>       |                                    |
>      bad                                   |
>       |                                    |
>    CTR += 1                                |
>       |                                    |
>    CTR > 3?-------no-----------------------+
>       |
>      yes
>       |



That might be OK on a small application with a limited number of users. A few thousand login attempts per min and you
are probably going to wish the counter lived outside of your RDBMS.
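
The counter from the quoted flowchart, written out for PostgreSQL as an added example (it is not code from this thread). The table `app_login`, its columns and the function `record_login_attempt` are assumed names, and locking the account on the "yes" branch is an assumption taken from the thread subject, since the quoted diagram is cut off at that point.

```sql
-- Added example: all table, column and function names here are assumptions.
CREATE TABLE app_login (
    username text    PRIMARY KEY,
    ctr      integer NOT NULL DEFAULT 1,      -- the flowchart's CTR; 1 is its reset value
    locked   boolean NOT NULL DEFAULT false   -- assumed action for the "CTR > 3? yes" branch
);

-- Call once per login attempt, after the application has verified the password.
-- Returns true if the account is locked once this attempt has been recorded.
CREATE FUNCTION record_login_attempt(p_username text, p_good boolean)
RETURNS boolean
LANGUAGE plpgsql AS $$
DECLARE
    v_locked boolean;
BEGIN
    IF p_good THEN
        -- good: reset CTR to 1. An account that is already locked keeps its
        -- counter, so a correct password alone does not unlock it.
        UPDATE app_login
           SET ctr = CASE WHEN locked THEN ctr ELSE 1 END
         WHERE username = p_username
        RETURNING locked INTO v_locked;
    ELSE
        -- bad: CTR += 1 and the CTR > 3 test in a single UPDATE, so two
        -- concurrent failures cannot both read the same old value.
        -- On the right-hand side, ctr is the value before this UPDATE.
        UPDATE app_login
           SET ctr    = ctr + 1,
               locked = locked OR (ctr + 1 > 3)
         WHERE username = p_username
        RETURNING locked INTO v_locked;
    END IF;

    -- Unknown username: no row was updated and v_locked is NULL.
    RETURN COALESCE(v_locked, false);
END;
$$;

-- Constructed sample: one user, three bad attempts in a row, then a good one.
INSERT INTO app_login (username) VALUES ('alice');
SELECT record_login_attempt('alice', false);
SELECT record_login_attempt('alice', false);
SELECT record_login_attempt('alice', false);
SELECT record_login_attempt('alice', true);
SELECT username, ctr, locked FROM app_login;
```

Every attempt, good or bad, is a row UPDATE on `app_login`, which is the write load the reply above is pointing at for a few thousand login attempts per minute.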


