Re: Bug #6337 Patch
From | Dave Page |
---|---|
Subject | Re: Bug #6337 Patch |
Date | |
Msg-id | CA+OCxowunaKPsduM2Ciya_ro=+s4dnkDC_yu9czxxNE1Vhpybg@mail.gmail.com |
In reply to | Re: Bug #6337 Patch (Akshay Joshi <akshay.joshi@enterprisedb.com>) |
Replies | Re: Bug #6337 Patch |
List | pgadmin-hackers |
Hi
On Mon, Jul 19, 2021 at 1:22 PM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:
Hi Florian
Following are the review comments:
- The "MAX_LOGIN_ATTEMPTS" parameter is not present in the config.py. It should be there with some default value maybe 3.
- Can be added like
    ##########################################################################
    # MAX_LOGIN_ATTEMPTS which sets the number of failed login attempts that
    # are allowed. If this value is exceeded the account is locked and can be
    # reset by an administrator. By setting the variable to the value zero
    # this feature is deactivated.
    ##########################################################################
    MAX_LOGIN_ATTEMPTS = 3
- I have tested by specifying the above value, and it seems the logic is not correct. I can perform N number of unsuccessful attempts and when I provided the correct password it shows the flash message "Account locked".
- Once the account is locked, the pgAdmin4 server needs to restart, can we make it time-bound? I mean after N minutes user can try again, so no need to restart the pgAdmin4 server.
Isn't the point that any admin can unlock the account from the user management dialog?
Dave Page
VP, Chief Architect, Database Infrastructure
Blog: https://www.enterprisedb.com/dave-page
Twitter: @pgsnake
EDB: https://www.enterprisedb.com
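The lockout rules discussed in this thread, as an added sketch that is not code from the patch or from pgAdmin: it reads the proposed config comment literally (zero disables the feature, the lock starts once the allowed count is exceeded) and shows admin-only unlock beside the time-bound variant. `MAX_LOGIN_ATTEMPTS` is the name from the thread; `LOCKOUT_SECONDS`, `Account`, `is_locked`, `unlock` and `attempt` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

MAX_LOGIN_ATTEMPTS = 3   # default suggested in the review; 0 disables lockout
LOCKOUT_SECONDS = 0      # hypothetical setting: 0 = only an admin can unlock


@dataclass
class Account:           # hypothetical stand-in for the stored user row
    failed: int = 0
    locked_at: Optional[float] = None


def is_locked(acct: Account, now: float, lockout_seconds: int) -> bool:
    if acct.locked_at is None:
        return False
    if lockout_seconds > 0 and now - acct.locked_at >= lockout_seconds:
        unlock(acct)     # time-bound variant: the lock expires by itself
        return False
    return True


def unlock(acct: Account) -> None:
    """What an administrator's unlock action would do."""
    acct.failed = 0
    acct.locked_at = None


def attempt(acct: Account, password_ok: bool, now: float,
            max_attempts: int = MAX_LOGIN_ATTEMPTS,
            lockout_seconds: int = LOCKOUT_SECONDS) -> str:
    """Return 'ok', 'denied' or 'locked' for one login attempt."""
    # Check the lock first so a locked account answers the same way
    # whether or not the submitted password was correct.
    if max_attempts > 0 and is_locked(acct, now, lockout_seconds):
        return "locked"
    if password_ok:
        acct.failed = 0  # a successful login clears earlier failures
        return "ok"
    acct.failed += 1
    # "Exceeded" read literally: the lock starts on failure max_attempts + 1.
    if max_attempts > 0 and acct.failed > max_attempts:
        acct.locked_at = now
        return "locked"
    return "denied"
```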