On Thu, Jul 22, 2021 at 2:01 PM Dave Page <dp...@pgadmin.org> wrote:

> On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi <ashesh.va...@enterprisedb.com> wrote:
>
>> On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <akshay.jo...@enterprisedb.com> wrote:
>>
>>> Hi Florian
>>>
>>> Thanks, the patch applied.
>>>
>>> I have changed the flash string from 'Account locked' to 'Your account
>>> is locked. Please contact the Administrator.'
>>>
>> I have a scenario.
>> I have only one user in pgAdmin.
>>
>> What would happen then?
>> + Does it lock that user too?
>>
>
> Yes.
>
>> + If yes - do we have information in the document to unlock that user?
>>
>
> I hope so :-p
>

Akshay?

-- Ashesh

>> I am also curious about another case. A hacker can use multiple users for
>> the same.
>> Should we also lock/avoid requests from a particular ip-address/machine
>> for X minutes/hours?
>>
>
> That's more difficult to deal with - there are common deployment scenarios
> where all connections might appear to come from a single IP, for example,
> when behind a load balancer (there are good reasons to do that, even with a
> single pgAdmin instance) or proxy. In such cases we may or may not get an
> X-Forwarded-For header, and even if we do it may not be reliable.
>
> --
> Dave Page
> Blog: https://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: https://www.enterprisedb.com
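
The X-Forwarded-For concern raised in the quoted reply, as an added example (not pgAdmin code and not written by anyone in this thread): a per-IP throttle key is taken from the header only when the TCP peer is a known proxy, and no key is returned when every request would collapse onto the proxy's own address. The names `TRUSTED_PROXIES` and `throttle_key` and the 10.0.0.0/24 range are assumptions.

```python
import ipaddress

# Assumption: address ranges of the load balancers / proxies in front of the app.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _trusted(addr):
    """True if addr belongs to one of our own proxies."""
    return any(addr in net for net in TRUSTED_PROXIES)


def throttle_key(peer_addr, xff_header=None):
    """Return the client address to rate-limit on, or None if it is unknown.

    peer_addr is the TCP peer address; xff_header is the raw
    X-Forwarded-For value (None when the header is absent).
    """
    candidate = ipaddress.ip_address(peer_addr)
    # The header is only meaningful when one of our proxies delivered the
    # request; from any other peer it is client-supplied and is ignored.
    if _trusted(candidate) and xff_header:
        # Each proxy appends the address it saw, so the right-most entries
        # are the ones our infrastructure wrote. Walk right to left and
        # stop at the first hop that is not ours.
        for hop in reversed(xff_header.split(",")):
            try:
                addr = ipaddress.ip_address(hop.strip())
            except ValueError:
                break  # malformed entry: keep the last verified address
            candidate = addr
            if not _trusted(addr):
                break
    # If all we know is a proxy address, per-IP limits would hit every user
    # behind it; return None so the caller relies on per-account lockout.
    return None if _trusted(candidate) else str(candidate)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For value).
    samples = [
        ("203.0.113.7", "198.51.100.1"),            # direct, header ignored
        ("10.0.0.5", "198.51.100.9"),               # via one proxy
        ("10.0.0.5", "192.0.2.1, 198.51.100.9"),    # extra left-most entry
        ("10.0.0.5", None),                         # proxy sent no header
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", throttle_key(peer, xff))
```
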