Re: Bug #6337 Patch

Hi

On Mon, Jul 19, 2021 at 1:22 PM Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
wrote:

> Hi Florian
>
> Following are the review comments:
>
> - The "MAX_LOGIN_ATTEMPTS" parameter is not present in the *config.py*.
> It should be there with some default value maybe 3.
> - Can be added like
>
> ##########################################################################
> # MAX_LOGIN_ATTEMPTS which sets the number of failed login attempts that
> # are allowed. If this value is exceeded the account is locked and can be
> # reset by an administrator. By setting the variable to the value zero
> # this feature is deactivated.
> ##########################################################################
> MAX_LOGIN_ATTEMPTS = 3
>
>
> - I have tested by specifying the above value, and it seems the logic
> is not correct. I can perform N number of unsuccessful attempts and when I
> provided the correct password it shows the flash message "Account locked".
> - Once the account is locked, the pgAdmin4 server needs to restart,
> can we make it time-bound? I mean after N minutes user can try again, so no
> need to restart the pgAdmin4 server.
>
> Isn't the point that any admin can unlock the account from the user
management dialog?

--
Dave Page
VP, Chief Architect, Database Infrastructure
Blog: https://www.enterprisedb.com/dave-page
Twitter: @pgsnake

EDB: https://www.enterprisedb.com