* Bruno Wolff III [EMAIL PROTECTED] wrote:
Maybe you can use client side certificates.
how can they be used w/ psql ?
cu
--
-
Enrico Weigelt== metux IT service
phone: +49 36207 519931 www:
* Wim Bertels [EMAIL PROTECTED] wrote:
snip
since brute force attacks are quite traceable (targeting one and the
same user eg..),
one could a script to check:
- the percentage of failed logins/user, depending on the percentage (eg
75% or more failed, this should be configurable), these
Bruno Wolff III wrote:
On Tue, Apr 19, 2005 at 22:54:32 +0200,
Wim Bertels [EMAIL PROTECTED] wrote:
not an easy problem: it always seems to end up in DoS vs Brute Force Cracking.
So the only good and simple solution i can think of: use the best possible
password encryption (or sufficient, a
On Tue, Apr 19, 2005 at 22:54:32 +0200,
Wim Bertels [EMAIL PROTECTED] wrote:
not an easy problem: it always seems to end up in DoS vs Brute Force Cracking.
So the only good and simple solution i can think of: use the best possible
password encryption (or sufficient, a statistically zero
On Mon, Apr 18, 2005 at 16:55:45 -0400,
Bruce Momjian pgman@candle.pha.pa.us wrote:
I would like to pick something that matches what a typical Unix system
does because I think the _fancy_ solutions actually cause weird problems
like denial-of-service attacks by just trying to log in.
How
Bruce Momjian wrote:
Wim Bertels wrote:
LS,
is there a way of securing the postgresql-server against brute force
password cracking ?
iow: is there a way of setting eg a maximum number of login attempts, or
using a time-out or ..?
+ securing on server level
No, there is not. Does
Can't people use PAM to get this effect if they want it?
what if u use pam with ldap, then u can use pg brute force cracking to
obtain the ldap password, which is probably a bigger problem
For most people password guessing isn't going to be a big problem as
the database won't be accessible from
On Tue, Apr 19, 2005 at 17:00:15 +0200,
Wim Bertels [EMAIL PROTECTED] wrote:
Can't people use PAM to get this effect if they want it?
what if u use pam with ldap, then u can use pg brute force cracking to
obtain the ldap password, which is probably a bigger problem
You don't have to use
On Tuesday 19 April 2005 22:37, Bruno Wolff III sent smoke signals:
On Tue, Apr 19, 2005 at 17:00:15 +0200,
Wim Bertels [EMAIL PROTECTED] wrote:
Can't people use PAM to get this effect if they want it?
what if u use pam with ldap, then u can use pg brute force cracking to
obtain the
Wim Bertels wrote:
LS,
is there a way of securing the postgresql-server against brute force
password cracking ?
iow: is there a way of setting eg a maximum number of login attempts, or
using a time-out or ..?
+ securing on server level
No, there is not. Does anyone want to suggest a
No, there is not. Does anyone want to suggest a possible implementation
for the TODO list?
I would like to see a combination of number of login failures and a
timeout, configurable via the conf file. Say, X login failures
disables further logins for that account for Y minutes.
That would be
C. Bensend wrote:
No, there is not. Does anyone want to suggest a possible implementation
for the TODO list?
I would like to see a combination of number of login failures and a
timeout, configurable via the conf file. Say, X login failures
disables further logins for that account for
No, there is not. Does anyone want to suggest a possible implementation
for the TODO list?
I would like to see a combination of number of login failures and a
timeout, configurable via the conf file. Say, X login failures
disables further logins for that account for Y minutes.
That
And dangerous. Imagine a system with say, apache account used
from some Apache application. And a maluser who purposefully
tries to log in to apache account and fails, thus causing a DoS
on the web application. :)
Yes, I absolutely agree. Any scheme of the sort would have some
risks. And
LS,
is there a way of securing the postgresql-server against brute force
password cracking ?
iow: is there a way of setting eg a maximum number of login attempts, or
using a time-out or ..?
+ securing on server level
tnx,