On Tuesday 17 Sep 2002 3:44 pm, Holger Marzen wrote:
> Hi boys (and girls)?
>
> Authorization to web contents can be eaysily done with some Apache
> modules like mod_auth_pgsql (I wrote a little summary some time ago on
> http://bluebell.marzen.de/mod_auth_pgsql/).
>
> But what if we need some kind of protection agains brute force attacks?
> The modules are usually designed to do only selects. Is it possible to
> write some kind of magic that updates the same or another table at the
> same time?
> - If userid/password is correct then set a counter for this userid to
> zero.
> - If userid/password is not correct then increment the counter for this
> userid.
You'll want to write a plpgsql function so you can do:
SELECT check_password('user','password');
Then in check_password you can do your counting. See the Programmers Guide pt
III and http://techdocs.postgresql.org/ for help on writing functions.
Ideally, you could do this with a view and a SELECT rule, but SELECT rules
seem to only allow a single action and that has to be a SELECT.
HTH
- Richard Huxton
