On Mon, Apr 18, 2005 at 16:55:45 -0400, Bruce Momjian <pgman@xxxxxxxxxxxxxxxx> wrote: > > I would like to pick something that matches what a typical Unix system > does because I think the _fancy_ solutions actually cause weird problems > like denial-of-service attacks by just trying to log in. > > How do typical open source Unix's handle it? It think they slow down > prompting for a password --- but as I remember we only allow one > password attempt per connection so that is already covered. Can't people use PAM to get this effect if they want it? For most people password guessing isn't going to be a big problem as the database won't be accessible from totally untrusted places and watching the log files for guessing will probably be a good enough solution.
