Home > mailing lists

Re: brute force attacking the password - Mailing list pgsql-admin

From	Enrico Weigelt
Subject	Re: brute force attacking the password
Date	May 11, 2005 22:25:57
Msg-id	20050511222548.GD6485@nibiru.borg.metux.de Whole thread Raw
In response to	Re: brute force attacking the password (Wim Bertels <wim.bertels@khleuven.be>)
List	pgsql-admin

Tree view

* Wim Bertels <wim.bertels@khleuven.be> wrote:

<snip>
> since brute force attacks are quit traceable (targetting one and the
> same user eg..),
> one could a script to check:
> - the percentage of failed logins/user, depending on the percentage (eg
> 75% or more failed, this should be configurable), these events should be
> reporteg in security.log file under the postgres log directory, or
> mailed to user (inetd...)
> - if there are more than eg 10 (this should be configurable) failed
> consecutive logins/user, this should again be reported.

BTW: is it possible to do this directly in the database - by rules and
triggers on the appropriate system tables ?


cu
--
---------------------------------------------------------------------
 Enrico Weigelt    ==   metux IT service
  phone:     +49 36207 519931         www:       http://www.metux.de/
  fax:       +49 36207 519932         email:     contact@metux.de
---------------------------------------------------------------------
  Realtime Forex/Stock Exchange trading powered by postgresSQL :))
                                            http://www.fxignal.net/
---------------------------------------------------------------------

pgsql-admin by date:

From: Enrico Weigelt
Date: 11 May 2005, 22:23:18
Subject: Re: brute force attacking the password

From: Tom Lane
Date: 11 May 2005, 22:26:12
Subject: Re: [GENERAL] Storing database in WORM devices

Re: brute force attacking the password - Mailing list pgsql-admin

Previous

Next