Hi boys (and girls)?
Authorization to web contents can be eaysily done with some Apache
modules like mod_auth_pgsql (I wrote a little summary some time ago on
http://bluebell.marzen.de/mod_auth_pgsql/).
But what if we need some kind of protection agains brute force attacks?
The modules are usually designed to do only selects. Is it possible to
write some kind of magic that updates the same or another table at the
same time?
For every select there should automagically the following logic be
triggered:
- If userid/password is correct then set a counter for this userid to
zero.
- If userid/password is not correct then increment the counter for this
userid.
That should be enough because the password check could include something
like "and counter <= 5".
Any ideas?
--
PGP/GPG Key-ID:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1