Re: Credcheck- credcheck.max_auth_failure

From Ron Johnson
Subject Re: Credcheck- credcheck.max_auth_failure
Date
Msg-id CANzqJaB1mFKUP=_kFqg2CtSN6QSMkgsMTvYtQnoGJ7cLAhhjyQ@mail.gmail.com
In response to Re: Credcheck- credcheck.max_auth_failure  (Greg Sabino Mullane <htamfids@gmail.com>)
List pgsql-general
On Mon, Dec 16, 2024 at 8:10 AM Greg Sabino Mullane <htamfids@gmail.com> wrote:
On Mon, Dec 16, 2024 at 5:32 AM 張宸瑋 <kenny020307@gmail.com> wrote:
We have both regular accounts and system accounts. For regular accounts, we still require password complexity and the lockout functionality after multiple failed login attempts.

Again, what is the threat model here?

I would not be surprised if the "threat model" is security auditors.
 
Most people have their password in a .pgpass file or similar, so it seems this only adds complexity and annoyance without any real benefit.

Mostly, people do not log into our PG instances. 99% of connections are from application service accounts via JDBC.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
