Re: Bug #6337 Patch
From | Akshay Joshi |
---|---|
Subject | Re: Bug #6337 Patch |
Date | |
Msg-id | CANxoLDd5Sunqf-_-P2w3kd3Qxv-xN4tpzCTCAsdnk6nnhsQ1tw@mail.gmail.com |
In reply to | Re: Bug #6337 Patch (Dave Page <dave.page@enterprisedb.com>) |
List | pgadmin-hackers |
On Mon, Jul 19, 2021 at 6:23 PM Dave Page <dave.page@enterprisedb.com> wrote:
Hi

On Mon, Jul 19, 2021 at 1:22 PM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:

Hi Florian

Following are the review comments:
- The "MAX_LOGIN_ATTEMPTS" parameter is not present in config.py. It should be there with some default value, maybe 3.
- Can be added like
  ```
  ##########################################################################
  # MAX_LOGIN_ATTEMPTS which sets the number of failed login attempts that
  # are allowed. If this value is exceeded the account is locked and can be
  # reset by an administrator. By setting the variable to the value zero
  # this feature is deactivated.
  ##########################################################################
  MAX_LOGIN_ATTEMPTS = 3
  ```
- I have tested by specifying the above value, and it seems the logic is not correct. I can perform N number of unsuccessful attempts and when I provide the correct password it shows the flash message "Account locked".
- Once the account is locked, the pgAdmin4 server needs to be restarted. Can we make it time-bound? I mean, after N minutes the user can try again, so there is no need to restart the pgAdmin4 server.
Isn't the point that any admin can unlock the account from the user management dialog?
Yes, I missed that part, it is working fine from the user management dialog.
--
Dave Page
VP, Chief Architect, Database Infrastructure
Blog: https://www.enterprisedb.com/dave-page
Twitter: @pgsnake
EDB: https://www.enterprisedb.com
Thanks & Regards
Akshay Joshi
pgAdmin Hacker | Principal Software Architect
EDB Postgres
Mobile: +91 976-788-8246
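
The lockout behaviour discussed in this thread, as an added sketch that is not pgAdmin's code or the patch under review: a failed-attempt counter driven by `MAX_LOGIN_ATTEMPTS`, with zero disabling the feature, an administrator unlock, and the time-bound unlock raised in the review. `LoginGuard`, `LOCKOUT_MINUTES` and `password_ok` are hypothetical names, and the sketch assumes the account locks when the failure count reaches the limit.

```python
import time

MAX_LOGIN_ATTEMPTS = 3   # name from the thread; 0 disables lockout
LOCKOUT_MINUTES = 0      # hypothetical setting; 0 = locked until an admin unlocks


class LoginGuard:
    """Per-user failed-login counter with admin or timed unlock (illustrative)."""

    def __init__(self, max_attempts=MAX_LOGIN_ATTEMPTS,
                 lockout_minutes=LOCKOUT_MINUTES, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_minutes * 60
        self.clock = clock
        self.failures = {}    # username -> consecutive failed attempts
        self.locked_at = {}   # username -> clock value when the lock was set

    def is_locked(self, user):
        if self.max_attempts == 0 or user not in self.locked_at:
            return False
        expired = self.clock() - self.locked_at[user] >= self.lockout_seconds
        if self.lockout_seconds and expired:
            self.unlock(user)   # timed lock has run out
            return False
        return True

    def unlock(self, user):
        """What an administrator's unlock action would do."""
        self.failures.pop(user, None)
        self.locked_at.pop(user, None)

    def attempt(self, user, password_ok):
        """password_ok is the result of the real credential check."""
        # The lock is checked first, so a locked account answers the same
        # way whether or not the supplied password was right.
        if self.is_locked(user):
            return "locked"
        if password_ok:
            self.failures.pop(user, None)   # success resets the counter
            return "ok"
        if self.max_attempts == 0:
            return "bad-credentials"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_attempts:
            self.locked_at[user] = self.clock()
            return "locked"
        return "bad-credentials"
```

Injecting `clock` lets the timed-unlock path be tested without sleeping.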