mirror of
https://github.com/postgres/postgres.git
synced 2025-11-06 07:49:08 +03:00
1a00c0ef53
This variable provides only marginal error-prevention capability (since it can only check the prefix of a qualified GUC name), and the consensus is that that isn't worth the amount of hassle that maintaining the setting creates for DBAs. So, let's just remove it. With this commit, the system will silently accept a value for any qualified GUC name at all, whether it has anything to do with any known extension or not. (Unqualified names still have to match known built-in settings, though; and you will get a WARNING at extension load time if there's an unrecognized setting with that extension's prefix.) There's still some discussion ongoing about whether to tighten that up and if so how; but if we do come up with a solution, it's not likely to look anything like custom_variable_classes.
66 lines
1.6 KiB
Plaintext
66 lines
1.6 KiB
Plaintext
<!-- doc/src/sgml/auth-delay.sgml -->
|
|
|
|
<sect1 id="auth-delay" xreflabel="auth_delay">
|
|
<title>auth_delay</title>
|
|
|
|
<indexterm zone="auth-delay">
|
|
<primary>auth_delay</primary>
|
|
</indexterm>
|
|
|
|
<para>
|
|
<filename>auth_delay</filename> causes the server to pause briefly before
|
|
reporting authentication failure, to make brute-force attacks on database
|
|
passwords more difficult. Note that it does nothing to prevent
|
|
denial-of-service attacks, and may even exacerbate them, since processes
|
|
that are waiting before reporting authentication failure will still consume
|
|
connection slots.
|
|
</para>
|
|
|
|
<para>
|
|
In order to function, this module must be loaded via
|
|
<xref linkend="guc-shared-preload-libraries"> in <filename>postgresql.conf</>.
|
|
</para>
|
|
|
|
<sect2>
|
|
<title>Configuration Parameters</title>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>
|
|
<varname>auth_delay.milliseconds</varname> (<type>int</type>)
|
|
</term>
|
|
<indexterm>
|
|
<primary><varname>auth_delay.milliseconds</> configuration parameter</primary>
|
|
</indexterm>
|
|
<listitem>
|
|
<para>
|
|
The number of milliseconds to wait before reporting an authentication
|
|
failure. The default is 0.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
|
|
<para>
|
|
These parameters must be set in <filename>postgresql.conf</>.
|
|
Typical usage might be:
|
|
</para>
|
|
|
|
<programlisting>
|
|
# postgresql.conf
|
|
shared_preload_libraries = 'auth_delay'
|
|
|
|
auth_delay.milliseconds = '500'
|
|
</programlisting>
|
|
</sect2>
|
|
|
|
<sect2>
|
|
<title>Author</title>
|
|
|
|
<para>
|
|
KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>
|
|
</para>
|
|
</sect2>
|
|
|
|
</sect1>
|