BUG #16522: No anti-violent cracking mechanism

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

BUG #16522: No anti-violent cracking mechanism

PG Bug reporting form
The following bug has been logged on the website:

Bug reference:      16522
Logged by:          yi Ding
Email address:      [hidden email]
PostgreSQL version: 10.13
Operating system:   linux
Description:        

Pg database is not locked after password verification fails several times.

Reply | Threaded
Open this post in threaded view
|

Re: BUG #16522: No anti-violent cracking mechanism

Magnus Hagander-2


On Wed, Jul 1, 2020 at 12:07 PM PG Bug reporting form <[hidden email]> wrote:
The following bug has been logged on the website:

Bug reference:      16522
Logged by:          yi Ding
Email address:      [hidden email]
PostgreSQL version: 10.13
Operating system:   linux
Description:       

Pg database is not locked after password verification fails several times.


Correct, there is no such feature built-in, so there is no bug in something that does not work.

If you want this feature you can integrate PostgreSQL with numerous external authentication methods such as gssapi, ldap, radius or pam, all of which can provide such functionality if set up right. You can also use fail2ban or some simple log-tailing script that implements it.

--