Re: Bug #6337 Patch

On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
wrote:

> Hi Florian
>
> Thanks, the patch applied.
>
> I have changed the flash string from 'Account locked' to 'Your account is
> locked. Please contact the Administrator.'
>
I have a scenario.
I have only one user in pgAdmin.

What would happen then?
+ Does it lock that user too?
+ If yes - do we have information in the document to unlock that user?

I am also curious about another case. A hacker can use multiple users for
the same.
Should we also lock/avoid requests from a particular ip-address/machine for
X minutes/hours?

-- Thanks, Ashesh

>
> On Wed, Jul 21, 2021 at 7:40 PM Florian Sabonchi <sabonchi(at)posteo(dot)de>
> wrote:
>
>> Hello Akshay,
>>
>> Thanks for your message, I have adjusted your suggestion as discussed. I
>> hope now that everything works correctly so far.
>>
>> On 21.07.21 15:02, Akshay Joshi wrote:
>> > The explanation that you have mentioned above is correct, but when I
>> > tested your patch and enter the wrong password N number of times, I
>> > haven't got the "Account locked" message. When I enter the correct
>> > password then I got that message which is wrong.
>>
>
>
> --
> *Thanks & Regards*
> *Akshay Joshi*
> *pgAdmin Hacker | Principal Software Architect*
> *EDB Postgres <http://edbpostgres.com>*
>
> *Mobile: +91 976-788-8246*
>