David Wilson <david.t.wilson@gmail.com> writes:
> On Wed, Jul 15, 2009 at 11:10 AM, Marko Kreen<markokr@gmail.com> wrote:
>> From security standpoint, wasting more cycles on bad passwords is good,
>> as it decreases the rate bruteforce password scanning can happen.
>>
>> And I cannot imagine a scenario where performance on invalid logins
>> can be relevant..
> DoS attacks. The longer it takes to reject an invalid login, the fewer
> invalid login attempts it takes to DoS the server.
Yeah, but even with the current setup, an attacker who can fire
connection request packets at your postmaster port is not going to have
any trouble DoS'ing the service. We expend quite a lot of cycles before
getting to the password challenge already.
regards, tom lane