Home > mailing lists

Re: brute force attacking the password - Mailing list pgsql-admin

From	Tom Lane
Subject	Re: brute force attacking the password
Date	April 18, 2005 21:39:21
Msg-id	26103.1113860351@sss.pgh.pa.us Whole thread Raw
In response to	Re: brute force attacking the password (Dawid Kuroczko <qnex42@gmail.com>)
List	pgsql-admin

Tree view

Dawid Kuroczko <qnex42@gmail.com> writes:
> Anyway, a simple 'sleep 2 seconds before telling that password
> was wrong' would be a good addition anyhow.

Seems pretty useless, unless we change things to also delay 2 seconds
before telling the password was good, which I doubt anyone will like ;-)
Otherwise, the attacker can simply abandon each connection after say
50 msec, or whatever the expected success time is.  He need not wait
until the postmaster drops the connection before launching another
attempt.

(No, I wouldn't like to stop that by putting a throttle on allowed
connection rates, either ...)

            regards, tom lane

pgsql-admin by date:

From: Steve Garcia
Date: 18 April 2005, 21:35:24
Subject: Re: I: file system backup of postgresql db onto another installation

From: "Garris, Nicole"
Date: 18 April 2005, 21:51:28
Subject: FW: Admin Tool to Send Me Email

Re: brute force attacking the password - Mailing list pgsql-admin

Previous

Next