Re: Rejecting weak passwords

Поиск
Список
Период
Сортировка
От Gurjeet Singh
Тема Re: Rejecting weak passwords
Дата
Msg-id 65937bea0909290607t6e6949f8y532d94a68e2ca6ce@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Rejecting weak passwords  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: Rejecting weak passwords  (Mark Mielke <mark@mark.mielke.cc>)
Список pgsql-hackers
Дерево обсуждения
On Tue, Sep 29, 2009 at 4:49 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Josh Berkus <josh@agliodbs.com> writes:
> Hmmm, that would be a useful, easy (I think) security feature: add a GUC
> for failed_logins_allowed.

And the counts would be tracked and enforced where?


Combining this with other suggestion:

.) Provide a GUC failed_logins_allowed
.) Add MAX FAILED LOGINS option to ADD/ALTER USER, which defaults to the GUC if not provided in the command.
.) Track per-user failed attempt counts in shared catalog, and reset on a successful login.

Best regards,
--
Lets call it Postgres

EnterpriseDB      http://www.enterprisedb.com

gurjeet[.singh]@EnterpriseDB.com

singh.gurjeet@{ gmail | hotmail | indiatimes | yahoo }.com
Twitter: singh_gurjeet
Skype: singh_gurjeet

Mail sent from my BlackLaptop device

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Magnus Hagander
Дата:
Сообщение: Re: Small patch for README
Следующее
От: Robert Haas
Дата:
Сообщение: Re: [PATCH] DefaultACLs