From: | Ashesh Vashi <ashesh(dot)vashi(at)enterprisedb(dot)com> |
---|---|
To: | Dave Page <dpage(at)pgadmin(dot)org> |
Cc: | Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>, Florian Sabonchi <sabonchi(at)posteo(dot)de>, pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
Subject: | Re: Bug #6337 Patch |
Date: | 2021-07-22 09:35:17 |
Message-ID: | CAG7mmozba=1H47uReK+VCqtbvQ8xn1M6P+w6f-2YU3J2bsrcsg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-hackers |
On Thu, Jul 22, 2021 at 2:01 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>
> On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi <
> ashesh(dot)vashi(at)enterprisedb(dot)com> wrote:
>
>> On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <
>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>
>>> Hi Florian
>>>
>>> Thanks, the patch applied.
>>>
>>> I have changed the flash string from 'Account locked' to 'Your account
>>> is locked. Please contact the Administrator.'
>>>
>> I have a scenario.
>> I have only one user in pgAdmin.
>>
>> What would happen then?
>> + Does it lock that user too?
>>
>
> Yes.
>
>
>> + If yes - do we have information in the document to unlock that user?
>>
>
> I hope so :-p
>
Akshay?
-- Ashesh
>
>
>>
>> I am also curious about another case. A hacker can use multiple users for
>> the same.
>> Should we also lock/avoid requests from a particular ip-address/machine
>> for X minutes/hours?
>>
>
> That's more difficult to deal with - there are common deployment scenarios
> where all connections might appear to come from a single IP, for example,
> when behind a load balancer (there are good reasons to do that, even with a
> single pgAdmin instance) or proxy. In such cases we may or may not get an
> X-Forwarded-For header, and even if we do it may not be reliable.
>
>
> --
> Dave Page
> Blog: https://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: https://www.enterprisedb.com
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Akshay Joshi | 2021-07-22 09:45:05 | Re: Bug #6337 Patch |
Previous Message | Dave Page | 2021-07-22 09:22:31 | Re: Bug #6337 Patch |