Re: Bug #6337 Patch
| От | Dave Page |
|---|---|
| Тема | Re: Bug #6337 Patch |
| Дата | |
| Msg-id | CA+OCxozNGoc+yc1XjpEJdse1yWxmvMtKSX8Aobh2yfQCSE=pfA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Bug #6337 Patch (Ashesh Vashi <ashesh.vashi@enterprisedb.com>) |
| Ответы |
Re: Bug #6337 Patch
|
| Список | pgadmin-hackers |
On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:Hi FlorianThanks, the patch applied.I have changed the flash string from 'Account locked' to 'Your account is locked. Please contact the Administrator.'I have a scenario.I have only one user in pgAdmin.What would happen then?+ Does it lock that user too?
Yes.
+ If yes - do we have information in the document to unlock that user?
I hope so :-p
I am also curious about another case. A hacker can use multiple users for the same.Should we also lock/avoid requests from a particular ip-address/machine for X minutes/hours?
That's more difficult to deal with - there are common deployment scenarios where all connections might appear to come from a single IP, for example, when behind a load balancer (there are good reasons to do that, even with a single pgAdmin instance) or proxy. In such cases we may or may not get an X-Forwarded-For header, and even if we do it may not be reliable.
В списке pgadmin-hackers по дате отправления: