Re: Bug #6337 Patch

On Mon, Jul 19, 2021 at 6:23 PM Dave Page <dave(dot)page(at)enterprisedb(dot)com>
wrote:

> Hi
>
> On Mon, Jul 19, 2021 at 1:22 PM Akshay Joshi <
> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>
>> Hi Florian
>>
>> Following are the review comments:
>>
>> - The "MAX_LOGIN_ATTEMPTS" parameter is not present in the *config.py*.
>> It should be there with some default value maybe 3.
>> - Can be added like
>>
>> ##########################################################################
>> # MAX_LOGIN_ATTEMPTS which sets the number of failed login attempts that
>> # are allowed. If this value is exceeded the account is locked and can be
>> # reset by an administrator. By setting the variable to the value zero
>> # this feature is deactivated.
>> ##########################################################################
>> MAX_LOGIN_ATTEMPTS = 3
>>
>>
>> - I have tested by specifying the above value, and it seems the logic
>> is not correct. I can perform N number of unsuccessful attempts and when I
>> provided the correct password it shows the flash message "Account locked".
>> - Once the account is locked, the pgAdmin4 server needs to restart,
>> can we make it time-bound? I mean after N minutes user can try again, so no
>> need to restart the pgAdmin4 server.
>>
>> Isn't the point that any admin can unlock the account from the user
> management dialog?
>

Yes, I missed that part, it is working fine from the user management
dialog.

>
>
> --
> Dave Page
> VP, Chief Architect, Database Infrastructure
> Blog: https://www.enterprisedb.com/dave-page
> Twitter: @pgsnake
>
> EDB: https://www.enterprisedb.com
>

--
*Thanks & Regards*
*Akshay Joshi*
*pgAdmin Hacker | Principal Software Architect*
*EDB Postgres <http://edbpostgres.com>*

*Mobile: +91 976-788-8246*