advanced Apache authorization: updates triggered by select? - Mailing list pgsql-general

From Holger Marzen
Subject advanced Apache authorization: updates triggered by select?
Date
Msg-id Pine.LNX.4.44.0209171633500.17072-100000@bluebell.marzen.de
Whole thread Raw
Responses Re: advanced Apache authorization: updates triggered by select?
List pgsql-general
Hi boys (and girls)?

Authorization to web contents can be eaysily done with some Apache
modules like mod_auth_pgsql (I wrote a little summary some time ago on
http://bluebell.marzen.de/mod_auth_pgsql/).

But what if we need some kind of protection agains brute force attacks?
The modules are usually designed to do only selects. Is it possible to
write some kind of magic that updates the same or another table at the
same time?

For every select there should automagically the following logic be
triggered:

- If userid/password is correct then set a counter for this userid to
  zero.

- If userid/password is not correct then increment the counter for this
  userid.

That should be enough because the password check could include something
like "and counter <= 5".

Any ideas?

--
PGP/GPG Key-ID:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1


pgsql-general by date:

Previous
From: Jan Wieck
Date:
Subject: Re: connecting inside pl/pgsql
Next
From: Andrew Sullivan
Date:
Subject: Re: Still big problems with pg_dump!