Re: Bug #6337 Patch

On Thu, Jul 22, 2021 at 2:01 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:

>
>
> On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi <
> ashesh(dot)vashi(at)enterprisedb(dot)com> wrote:
>
>> On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <
>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>
>>> Hi Florian
>>>
>>> Thanks, the patch applied.
>>>
>>> I have changed the flash string from 'Account locked' to 'Your account
>>> is locked. Please contact the Administrator.'
>>>
>> I have a scenario.
>> I have only one user in pgAdmin.
>>
>> What would happen then?
>> + Does it lock that user too?
>>
>
> Yes.
>
>
>> + If yes - do we have information in the document to unlock that user?
>>
>
> I hope so :-p
>
Akshay?

-- Ashesh

>
>
>>
>> I am also curious about another case. A hacker can use multiple users for
>> the same.
>> Should we also lock/avoid requests from a particular ip-address/machine
>> for X minutes/hours?
>>
>
> That's more difficult to deal with - there are common deployment scenarios
> where all connections might appear to come from a single IP, for example,
> when behind a load balancer (there are good reasons to do that, even with a
> single pgAdmin instance) or proxy. In such cases we may or may not get an
> X-Forwarded-For header, and even if we do it may not be reliable.
>
>
> --
> Dave Page
> Blog: https://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: https://www.enterprisedb.com
>
>