2012/11/15 Craig Ringer <cr...@2ndquadrant.com> > Another option would be to monitor syslog or the csvlog and lock the > user out by changing their password or revoking CONNECT rights if they > trip the threshold. It wouldn't be as responsive to high-rate brute > forcing attempts but your IDS should be handing those already. > > -- > Craig Ringer http://www.2ndQuadrant.com/ > PostgreSQL Development, 24x7 Support, Training & Services >
I wouldn't go with password change approach, at least not automatically this can be done 'on user's demand' at any point. I admit that I wasn't specific in my solution with REVOKE as I didn't say which rights should be revoked I of course mean revoke connect command as Craig was kind to mention. Regards -- Ćukasz Brodziak "Do you bury me when I'm gone Do you teach me while I'm here Just as soon I belong Then it's time I disappear" -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
