Home > mailing lists

advanced Apache authorization: updates triggered by select? - Mailing list pgsql-general

From	Holger Marzen
Subject	advanced Apache authorization: updates triggered by select?
Date	September 17, 2002 13:50:15
Msg-id	Pine.LNX.4.44.0209171633500.17072-100000@bluebell.marzen.de Whole thread Raw
Responses	Re: advanced Apache authorization: updates triggered by select? (Richard Huxton <dev@archonet.com>)
List	pgsql-general

Tree view

Hi boys (and girls)?

Authorization to web contents can be eaysily done with some Apache
modules like mod_auth_pgsql (I wrote a little summary some time ago on
http://bluebell.marzen.de/mod_auth_pgsql/).

But what if we need some kind of protection agains brute force attacks?
The modules are usually designed to do only selects. Is it possible to
write some kind of magic that updates the same or another table at the
same time?

For every select there should automagically the following logic be
triggered:

- If userid/password is correct then set a counter for this userid to
  zero.

- If userid/password is not correct then increment the counter for this
  userid.

That should be enough because the password check could include something
like "and counter <= 5".

Any ideas?

--
PGP/GPG Key-ID:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1

pgsql-general by date:

From: Jan Wieck
Date: 17 September 2002, 13:46:52
Subject: Re: connecting inside pl/pgsql

From: Andrew Sullivan
Date: 17 September 2002, 13:51:18
Subject: Re: Still big problems with pg_dump!

advanced Apache authorization: updates triggered by select? - Mailing list pgsql-general

Previous

Next