Re: Credcheck- credcheck.max_auth_failure - Mailing list pgsql-general

From Ron Johnson
Subject Re: Credcheck- credcheck.max_auth_failure
Date
Msg-id CANzqJaB1mFKUP=_kFqg2CtSN6QSMkgsMTvYtQnoGJ7cLAhhjyQ@mail.gmail.com
In response to Re: Credcheck- credcheck.max_auth_failure  (Greg Sabino Mullane <htamfids@gmail.com>)
List pgsql-general
On Mon, Dec 16, 2024 at 8:10 AM Greg Sabino Mullane <htamfids@gmail.com> wrote:
> On Mon, Dec 16, 2024 at 5:32 AM 張宸瑋 <kenny020307@gmail.com> wrote:
>> We have both regular accounts and system accounts. For regular accounts, we still require password complexity and the lockout functionality after multiple failed login attempts.
>
> Again, what is the threat model here?

I would not be surprised if the "threat model" is security auditors.

> Most people have their password in a .pgpass file or similar, so it seems this only adds complexity and annoyance without any real benefit.

Mostly, people do not log into our PG instances. 99% of connections are from application service accounts via JDBC.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
