> On 30 Sep 2021, at 04:15, Greg Nancarrow <gregn4...@gmail.com> wrote:
> 
> On Wed, Sep 29, 2021 at 10:14 PM Teodor Sigaev <teo...@sigaev.ru> wrote:
>> 
>> Nice feature, but, sorry, I see some design problem in suggested feature.
>> AFAIK, there are two use cases for this feature:
>> 1 A permission / prohibition to login some users
>> 2 Just a logging of facts of user's login
>>
>> Suggested patch proposes prohibition of login only by failing of login
>> trigger and it has at least two issues:
>> 1 In case of prohibition to login, there is no clean way to store information
>> about unsuccessful login. Ok, it could be solved by dblink module but it
>> seems too scary.
> 
> It's an area that could be improved, but the patch is more intended to
> allow additional actions on successful login, as described by the
> following (taken from the doc updates in the patch):
> 
> +   <para>
> +    The event trigger on the <literal>login</literal> event can be
> +    useful for logging user logins, for verifying the connection and
> +    assigning roles according to current circumstances, or for some
> session data
> +    initialization.
> +   </para>
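
Review bot: the added <para> lists "verifying the connection" among the uses of the login event trigger, but it does not say what happens to the connection attempt when that verification fails. Since the thread describes login being prohibited only by the trigger failing, the paragraph should state that an error raised in the trigger rejects the login, and should mention that a trigger which fails unexpectedly has the same effect, so administrators know to test it before enabling it for all roles.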

Running user code with potential side effects on unsuccessful logins also opens
up the risk for (D)DoS attacks.

--
Daniel Gustafsson               https://vmware.com/


