Re: Bug #6337 Patch

Поиск
Список
Период
Сортировка
От Dave Page
Тема Re: Bug #6337 Patch
Дата
Msg-id CA+OCxowunaKPsduM2Ciya_ro=+s4dnkDC_yu9czxxNE1Vhpybg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Bug #6337 Patch  (Akshay Joshi <akshay.joshi@enterprisedb.com>)
Ответы Re: Bug #6337 Patch  (Akshay Joshi <akshay.joshi@enterprisedb.com>)
Список pgadmin-hackers
Дерево обсуждения
Hi

On Mon, Jul 19, 2021 at 1:22 PM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:
Hi Florian

Following are the review comments:
  • The "MAX_LOGIN_ATTEMPTS" parameter is not present in the config.py. It should be there with some default value maybe 3.
  • Can be added like
##########################################################################
# MAX_LOGIN_ATTEMPTS which sets the number of failed login attempts that
# are allowed. If this value is exceeded the account is locked and can be
# reset by an administrator. By setting the variable to the value zero
# this feature is deactivated.
##########################################################################
MAX_LOGIN_ATTEMPTS = 3
  • I have tested by specifying the above value, and it seems the logic is not correct. I can perform N number of unsuccessful attempts and when I provided the correct password it shows the flash message "Account locked".
  • Once the account is locked, the pgAdmin4 server needs to restart, can we make it time-bound? I mean after N minutes user can try again, so no need to restart the pgAdmin4 server. 
Isn't the point that any admin can unlock the account from the user management dialog?


--
Dave Page
VP, Chief Architect, Database Infrastructure
Blog: https://www.enterprisedb.com/dave-page
Twitter: @pgsnake

EDB: https://www.enterprisedb.com

В списке pgadmin-hackers по дате отправления:

Предыдущее
От: Akshay Joshi
Дата:
Сообщение: Re: Bug #6337 Patch
Следующее
От: Akshay Joshi
Дата:
Сообщение: Re: Bug #6337 Patch