<!-- doc/src/sgml/auth-delay.sgml -->
<sect1 id="auth-delay" xreflabel="auth_delay">
<title>auth_delay</title>
<indexterm zone="auth-delay">
<primary>auth_delay</primary>
</indexterm>
<para>
<filename>auth_delay</filename> causes the server to pause briefly before
reporting authentication failure, to make brute-force attacks on database
passwords more difficult. Note that it does nothing to prevent
denial-of-service attacks, and may even exacerbate them, since processes
that are waiting before reporting authentication failure will still consume
connection slots.
</para>
<para>
In order to function, this module must be loaded via
<xref linkend="guc-shared-preload-libraries"/> in <filename>postgresql.conf</filename>.
</para>
<sect2>
<title>Configuration Parameters</title>
<variablelist>
<varlistentry>
<term>
<varname>auth_delay.milliseconds</varname> (<type>int</type>)
<indexterm>
<primary><varname>auth_delay.milliseconds</varname> configuration parameter</primary>
</indexterm>
</term>
<listitem>
<para>
The number of milliseconds to wait before reporting an authentication
failure. The default is 0.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
This parameter must be set in <filename>postgresql.conf</filename>.
Typical usage might be:
</para>
<programlisting>
# postgresql.conf
shared_preload_libraries = 'auth_delay'
auth_delay.milliseconds = '500'
</programlisting>
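<para>
Because the default delay is 0, loading the module without setting
<varname>auth_delay.milliseconds</varname> adds no pause at all. The following
check is an added example, not part of the PostgreSQL distribution: it audits
the text of a <filename>postgresql.conf</filename> for both settings. The function
names, the sample strings and the small unit table are assumptions of the example.
</para>

```python
import re

# name = value (the "=" may be replaced by whitespace), optional trailing
# comment; the value is single-quoted ('' escapes a quote) or a bare token.
_LINE = re.compile(r"^\s*([A-Za-z_][\w.]*)(?:\s*=\s*|\s+)('(?:[^']|'')*'|[^\s#']+)\s*(?:#.*)?$")
_UNITS_MS = {"": 1, "ms": 1, "s": 1000, "min": 60000}  # subset handled here

# Constructed samples: the page's example, and a file that only loads the module.
PAGE_EXAMPLE = "shared_preload_libraries = 'auth_delay'\nauth_delay.milliseconds = '500'\n"
LOADED_ONLY = "shared_preload_libraries = 'auth_delay'  # delay never set\n"


def parse_conf(text):
    """Return {lowercased name: value}; a later setting replaces an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            value = m.group(2)
            if value.startswith("'"):
                value = value[1:-1].replace("''", "'")
            settings[m.group(1).lower()] = value
    return settings


def to_ms(value):
    """Convert '500', '500ms', '1s' or '2min' to milliseconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([a-z]*)\s*", value)
    if not m or m.group(2) not in _UNITS_MS:
        raise ValueError(f"unsupported value: {value!r}")
    return int(m.group(1)) * _UNITS_MS[m.group(2)]


def audit_auth_delay(text):
    """Return a list of findings; an empty list means a delay is configured."""
    conf = parse_conf(text)
    libs = [lib.strip().strip('"').rsplit("/", 1)[-1]
            for lib in conf.get("shared_preload_libraries", "").split(",")]
    findings = []
    if "auth_delay" not in libs:
        findings.append("auth_delay is not in shared_preload_libraries")
    if to_ms(conf.get("auth_delay.milliseconds", "0")) == 0:
        findings.append("auth_delay.milliseconds is 0 (the default): no delay")
    return findings


if __name__ == "__main__":
    print(audit_auth_delay(PAGE_EXAMPLE), audit_auth_delay(LOADED_ONLY))
```

<para>
The check reads one file only; it does not follow include directives or settings
made elsewhere, so confirm the effective value on the running server with
<literal>SHOW auth_delay.milliseconds;</literal>.
</para>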
</sect2>
<sect2>
<title>Author</title>
<para>
KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
</para>
</sect2>
</sect1>