|
| 1 | +-- The idea behind aggregating login logs was appealing to save some space. |
| 2 | +-- However it causes trouble on counting failed attempts in window periods, |
| 3 | +-- which would be an important metric to preemptively detect login attacks. |
| 4 | +-- Another issue with the table was that the login_id was not null, which |
| 5 | +-- does not detect brute force username guessing. Instead we now keep the |
| 6 | +-- login string if no user id could be found. |
| 7 | + |
| 8 | +drop table if exists login_log; |
| 9 | + |
| 10 | +create table login_log |
| 11 | +( |
| 12 | + id int unsigned auto_increment comment 'ID for API/Elide compatibility', |
| 13 | + login_id mediumint unsigned null, |
| 14 | + login_string varchar(100) default null comment 'In case of unknown login, the login name will be kept here', |
| 15 | + ip varchar(45) not null, |
| 16 | + success boolean not null, |
| 17 | + create_time timestamp default CURRENT_TIMESTAMP not null, |
| 18 | + constraint id primary key (id), |
| 19 | + constraint login_log_login_id_fk |
| 20 | + foreign key (login_id) references login (id) on update cascade on delete cascade |
| 21 | +) |
| 22 | + comment 'Log of logins to discover login attack attempts. Has to be cleaned up by the services.'; |
| 23 | + |
| 24 | +create index login_log_ip_success_index on login_log (ip, success); |
| 25 | +create index login_log_login_id_success_index on login_log (login_id, success); |
0 commit comments