Re: [pgAdmin4][Patch]: To make session more secure in web mode
| От | Murtuza Zabuawala |
|---|---|
| Тема | Re: [pgAdmin4][Patch]: To make session more secure in web mode |
| Дата | |
| Msg-id | CAKKotZROXy5igX2VTejyx24iA0BG5EtzTftJWsH2JFdw+pJSRw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [pgAdmin4][Patch]: To make session more secure in web mode (Dave Page <dpage@pgadmin.org>) |
| Ответы |
Re: [pgAdmin4][Patch]: To make session more secure in web mode
|
| Список | pgadmin-hackers |
It is based on Flask-Login module but
1) Flask-Login will mark a user as logged out when it detects that an existing session suddenly appears to come from a different originating IP address or a different browser. But it is unfortunate that Flask-Login does not enable this option by default.
2) It does not support it at all if you want to also use the browsers "remember me" functionality.
On Thu, Jul 20, 2017 at 5:52 PM, Dave Page <dpage@pgadmin.org> wrote:
HiOn Thu, Jul 20, 2017 at 12:59 PM, Murtuza Zabuawala <murtuza.zabuawala@enterprisedb.com> wrote: Hi Dave,Tested it with PEM7 RestApi testsuite and it is working fine :)The docs for this module say it's based on Flask-Login's session protect mechanism, and was intended to allow session protection in other scenarios. As we are already using Flask-Login, do we need this?See the Session Protection section on https://flask-login.readthedocs.io/en/latest/. --Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
В списке pgadmin-hackers по дате отправления: