On 5/5/20 7:13 AM, Wolff, Ken L wrote:
Hi, everyone. Wondering if there’s a way in PostgreSQL to automatically
lock accounts after a number of failed logins (a security requirement
for my organization). I’ve been investigating this for a while and the
only reference I’ve found is to write a hook:
https://wiki.postgresql.org/images/e/e3/Hooks_in_postgresql.pdf , which
is a little more involved than I’d hoped. Was hoping there was
something native available within PostgreSQL.
There is not.
You might want to take a look at this thread:
https://www.postgresql.org/message-id/OF010D9AFE.7D96A308-ON85257AB6.00746957-85257AB6.0074746B%40us.ibm.com
Locking accounts after X number of failed logins is an excellent way to
defeat brute force attacks, so I’m just wondering if there’s a way to do
this, other than the aforementioned hook.
This is my first time using this mail list so apologies in advance if
I’m not following etiquette or doing something incorrectly.
Thanks in advance.
Ken W
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
