"mark" <dvlhntr@gmail.com> writes:
>> From: pgsql-novice-owner@postgresql.org [mailto:pgsql-novice-
>> owner@postgresql.org] On Behalf Of Jean-Yves F. Barbier
>> So, you just have to add a counter to your login table:
> That might be a ok on a small application with a limited number of users. A few thousand login attempts per min and
youare probably going to wish the counter lived outside of your RDBMS.
Usually, when somebody asks for this or related security-policy hacks,
we suggest using PAM for authentication. There are already PAM modules
for practically any reasonable password policy, so why reinvent the
wheel ...
regards, tom lane