Re: Bug #6337 Patch
| От | Ashesh Vashi |
|---|---|
| Тема | Re: Bug #6337 Patch |
| Дата | |
| Msg-id | CAG7mmoxEWzU-gFREfceCEwT9EKbEduvb-m6a=7NZPwrZQrEsVw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Bug #6337 Patch (Akshay Joshi <akshay.joshi@enterprisedb.com>) |
| Ответы |
Re: Bug #6337 Patch
|
| Список | pgadmin-hackers |
On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:
Hi FlorianThanks, the patch applied.I have changed the flash string from 'Account locked' to 'Your account is locked. Please contact the Administrator.'
I have a scenario.
I have only one user in pgAdmin.
What would happen then?
+ Does it lock that user too?
+ If yes - do we have information in the document to unlock that user?
I am also curious about another case. A hacker can use multiple users for the same.
Should we also lock/avoid requests from a particular ip-address/machine for X minutes/hours?
-- Thanks, Ashesh
On Wed, Jul 21, 2021 at 7:40 PM Florian Sabonchi <sabonchi@posteo.de> wrote:Hello Akshay,
Thanks for your message, I have adjusted your suggestion as discussed. I
hope now that everything works correctly so far.
On 21.07.21 15:02, Akshay Joshi wrote:
> The explanation that you have mentioned above is correct, but when I
> tested your patch and enter the wrong password N number of times, I
> haven't got the "Account locked" message. When I enter the correct
> password then I got that message which is wrong.--Thanks & RegardsAkshay JoshipgAdmin Hacker | Principal Software ArchitectEDB PostgresMobile: +91 976-788-8246
В списке pgadmin-hackers по дате отправления: