Re: Bug #6337 Patch
| От | Ashesh Vashi |
|---|---|
| Тема | Re: Bug #6337 Patch |
| Дата | |
| Msg-id | CAG7mmozba=1H47uReK+VCqtbvQ8xn1M6P+w6f-2YU3J2bsrcsg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Bug #6337 Patch (Dave Page <dpage@pgadmin.org>) |
| Ответы |
Re: Bug #6337 Patch
|
| Список | pgadmin-hackers |
On Thu, Jul 22, 2021 at 2:01 PM Dave Page <dpage@pgadmin.org> wrote:
On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:Hi FlorianThanks, the patch applied.I have changed the flash string from 'Account locked' to 'Your account is locked. Please contact the Administrator.'I have a scenario.I have only one user in pgAdmin.What would happen then?+ Does it lock that user too?Yes.+ If yes - do we have information in the document to unlock that user?I hope so :-p
Akshay?
-- Ashesh
I am also curious about another case. A hacker can use multiple users for the same.Should we also lock/avoid requests from a particular ip-address/machine for X minutes/hours?That's more difficult to deal with - there are common deployment scenarios where all connections might appear to come from a single IP, for example, when behind a load balancer (there are good reasons to do that, even with a single pgAdmin instance) or proxy. In such cases we may or may not get an X-Forwarded-For header, and even if we do it may not be reliable.--
В списке pgadmin-hackers по дате отправления: