> -----Original Message-----
> From: pgsql-novice-owner@postgresql.org [mailto:pgsql-novice-
> owner@postgresql.org] On Behalf Of Jean-Yves F. Barbier
> Sent: Wednesday, June 29, 2011 10:01 AM
> To: Mike Thomsen
> Cc: pgsql-novice@postgresql.org
> Subject: Re: [NOVICE] Locking out a user after several failed login
> attempts
>
> On Wed, 29 Jun 2011 11:43:00 -0400, Mike Thomsen
> <mikerthomsen@gmail.com>
> wrote:
>
>
>
> > Yes, we're logging all connections to the database.
>
> I'm interested into that (you can it send to me as a PM.)
>
> So, you just have to add a counter to your login table:
> +------------------------------------+
> | |
> login attempt-----good----reset CTR to 1 |
> | |
> bad |
> | |
> CTR += 1 |
> | |
> CTR > 3?-------no-----------------------+
> |
> yes
> |
That might be a ok on a small application with a limited number of users. A few thousand login attempts per min and you
areprobably going to wish the counter lived outside of your RDBMS.