Hi all, for a long time I am using mod_auth_pgsql for Apache 1.3. But I always wished that I could limit the number of attempts, so no-one can try as often as he wants to.
Unfortunately the author of mod_auth_pgsql didn't answer, so I had to do it by myself. But I didn't want to make major changes in mod_auth_pgsql because I had no experience in writing Apache modules. My approach was as follows: - Add a line in mod_auth_pgsql to write a row in the logging table even if the password entered was wrong. The original module only logs successful attempts. - Write a function that increases a counter in the user table if the password was wrong and sets the counter to 0 if the password was correct. - Set a trigger that executes that function whenever a row in the logging table is inserted. - Include the test for exceeded number of unsuccessful attempts in .htaccess. Oh, and I installed the crypto functions from contrib so I can store the passwords in hashed form, and I added some enable/disable fields so a user can temporary disabled without resetting his password or deleting him. Works fine. If anyone is interested, just email me for the scripts. Holger -- PGP/GPG Key-ID: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1 ---------------------------(end of broadcast)--------------------------- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
