Home > mailing lists

Re: Lock Postgres account after X number of failed logins? - Mailing list pgsql-general

From	Peter J. Holzer
Subject	Re: Lock Postgres account after X number of failed logins?
Date	May 6, 2020 18:26:10
Msg-id	20200506152610.GA12354@hjp.at Whole thread Raw
In response to	Re: Lock Postgres account after X number of failed logins? (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Lock Postgres account after X number of failed logins? (Magnus Hagander <magnus@hagander.net>) Re: Lock Postgres account after X number of failed logins? (Stephen Frost <sfrost@snowman.net>)
List	pgsql-general

Tree view

On 2020-05-06 09:28:28 -0400, Stephen Frost wrote:
> LDAP-based authentication in PG involves passing the user's password to
> the database server in the clear (or tunneled through SSL, but that
> doesn't help if the DB is compromised), so it's really not a good
> solution.

Still a lot better than PostgreSQL's md5 scheme, which stores
password-equivalent hashes: If the database is compromised the attacker
has all hashes immediately and can use them to login. Intercepting
encrypted traffic even at the endpoint is much harder and can only
uncover passwords actually used.

        hp

--
   _  | Peter J. Holzer    | Story must make more sense than reality.
|_|_) |                    |
| |   | hjp@hjp.at         |    -- Charles Stross, "Creative writing
__/   | http://www.hjp.at/ |       challenge!"

Attachment

signature.asc

pgsql-general by date:

From: Ravi Krishna
Date: 06 May 2020, 17:37:51
Subject: Re: Abnormal Growth of Index Size - Index Size 3x large than tablesize.

From: Magnus Hagander
Date: 06 May 2020, 18:28:56
Subject: Re: Lock Postgres account after X number of failed logins?

Re: Lock Postgres account after X number of failed logins? - Mailing list pgsql-general

Attachment

Previous

Next