Postgresql 中文操作指南
F.3. auth_delay — pause on authentication failure #
auth_delay:导致服务器在报告认证故障前短暂暂停,这样可以增加数据库密码暴力破解的难度。请注意,它并不阻止拒绝服务(DoS)攻击,甚至可能加剧攻击,因为在报告认证故障前处于等待状态的进程仍会占用连接插槽。
auth_delay causes the server to pause briefly before reporting authentication failure, to make brute-force attacks on database passwords more difficult. Note that it does nothing to prevent denial-of-service attacks, and may even exacerbate them, since processes that are waiting before reporting authentication failure will still consume connection slots.
为了正常运行,该模块必须通过 shared_preload_librariespostgresql.conf 加载。
In order to function, this module must be loaded via shared_preload_libraries in postgresql.conf.
F.3.1. Configuration Parameters #
-
auth_delay.milliseconds (integer)
-
The number of milliseconds to wait before reporting an authentication failure. The default is 0.
-
这些参数必须在 postgresql.conf 中设置。典型用法可能是:
These parameters must be set in postgresql.conf. Typical usage might be:
# postgresql.conf
shared_preload_libraries = 'auth_delay'
auth_delay.milliseconds = '500'F.3.2. Author #
KaiGai Kohei < link:mailto:kaigai@ak.jp.nec.com[kaigai@ak.jp.nec.com]>
KaiGai Kohei <link:mailto:kaigai@ak.jp.nec.com[kaigai@ak.jp.nec.com]>