From: | Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com> |
---|---|
To: | Ashesh Vashi <ashesh(dot)vashi(at)enterprisedb(dot)com> |
Cc: | Dave Page <dpage(at)pgadmin(dot)org>, Florian Sabonchi <sabonchi(at)posteo(dot)de>, pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
Subject: | Re: Bug #6337 Patch |
Date: | 2021-07-22 09:45:05 |
Message-ID: | CANxoLDfVh4bLOOZER5d-SJ2Hvh7qva9RFJqGT=V17hyLx-1LCA@mail.gmail.com |
Lists: | pgadmin-hackers |
On Thu, Jul 22, 2021 at 3:05 PM Ashesh Vashi <ashesh(dot)vashi(at)enterprisedb(dot)com>
wrote:
> On Thu, Jul 22, 2021 at 2:01 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>>
>>
>> On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi <
>> ashesh(dot)vashi(at)enterprisedb(dot)com> wrote:
>>
>>> On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <
>>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>
>>>> Hi Florian
>>>>
>>>> Thanks, the patch applied.
>>>>
>>>> I have changed the flash string from 'Account locked' to 'Your account
>>>> is locked. Please contact the Administrator.'
>>>>
>>> I have a scenario.
>>> I have only one user in pgAdmin.
>>>
>>> What would happen then?
>>> + Does it lock that user too?
>>>
>>
>> Yes.
>>
>>
>>> + If yes - do we have information in the document to unlock that user?
>>>
>>
>> I hope so :-p
>>
> Akshay?
>
Will check, if not there I'll update the documentation.
>
> -- Ashesh
>
>>
>>
>>>
>>> I am also curious about another case. A hacker can use multiple users
>>> for the same.
>>> Should we also lock/avoid requests from a particular ip-address/machine
>>> for X minutes/hours?
>>>
>>
>> That's more difficult to deal with - there are common deployment
>> scenarios where all connections might appear to come from a single IP, for
>> example, when behind a load balancer (there are good reasons to do that,
>> even with a single pgAdmin instance) or proxy. In such cases we may or may
>> not get an X-Forwarded-For header, and even if we do it may not be reliable.
>>
>>
>> --
>> Dave Page
>> Blog: https://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EDB: https://www.enterprisedb.com
>>
>>
--
*Thanks & Regards*
*Akshay Joshi*
*pgAdmin Hacker | Principal Software Architect*
*EDB Postgres <http://edbpostgres.com>*
*Mobile: +91 976-788-8246*
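
The single-IP problem raised in the quoted reply above, as an added example that is not part of this thread or of pgAdmin's code: it resolves the address a per-IP lock would be keyed on and counts failed logins per key, showing that without a usable X-Forwarded-For header every user behind the load balancer shares one key. The proxy network `10.0.0.0/24`, the function names and the sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed deployment value, constructed for this example.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _trusted(addr):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, xff=None):
    """Pick the address to key login throttling on.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy,
    and is read right to left, so entries the client supplied on the left
    cannot override what our own proxies appended.
    """
    if not xff or not _trusted(remote_addr):
        return remote_addr  # header absent, or sent by an untrusted peer
    for hop in reversed([h.strip() for h in xff.split(",")]):
        if _trusted(hop):
            continue  # one of our own proxies, keep walking left
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            return remote_addr  # malformed entry: fall back to the peer
    return remote_addr  # every hop was one of our proxies


def failed_logins_by_key(events):
    """Count failed logins per resolved address; events are (peer, xff)."""
    return Counter(client_ip(peer, xff) for peer, xff in events)


# Constructed sample: three different users behind load balancer 10.0.0.5.
NO_HEADER = [("10.0.0.5", None)] * 3
WITH_HEADER = [
    ("10.0.0.5", "198.51.100.7"),
    ("10.0.0.5", "198.51.100.8"),
    ("10.0.0.5", "1.2.3.4, 198.51.100.9"),  # leftmost entry is client-supplied
]
```

With `NO_HEADER` all three failures land on `10.0.0.5`, so a per-IP lock would shut out everyone behind the load balancer; with `WITH_HEADER` each client gets its own key, but only because the peer is a proxy the deployment trusts.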