Re: Bug #6337 Patch

2021-07-22 Thread Akshay Joshi
On Thu, Jul 22, 2021 at 3:05 PM Ashesh Vashi wrote: > On Thu, Jul 22, 2021 at 2:01 PM Dave Page wrote: > >> >> >> On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi < >> ashesh.va...@enterprisedb.com> wrote: >> >>> On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi < >>> akshay.jo...@enterprisedb.com> wrot

Re: Bug #6337 Patch

2021-07-22 Thread Ashesh Vashi
On Thu, Jul 22, 2021 at 2:01 PM Dave Page wrote: > > > On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi < > ashesh.va...@enterprisedb.com> wrote: > >> On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi < >> akshay.jo...@enterprisedb.com> wrote: >> >>> Hi Florian >>> >>> Thanks, the patch applied. >>> >>>

Re: Bug #6337 Patch

2021-07-22 Thread Dave Page
Hi [please keep the list CC'd] On Thu, Jul 22, 2021 at 10:14 AM Florian Sabonchi wrote: > Hello Dave, > > As you said, it doesn't make sense to ban ip addresses. Alternatively, a > captcha could be implemented that prevents an attacker from trying to > bruteforce an account. > We did discuss u

Re: Bug #6337 Patch

2021-07-22 Thread Dave Page
On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi wrote: > On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi < > akshay.jo...@enterprisedb.com> wrote: > >> Hi Florian >> >> Thanks, the patch applied. >> >> I have changed the flash string from 'Account locked' to 'Your account is >> locked. Please contact

Re: Bug #6337 Patch

2021-07-22 Thread Ashesh Vashi
On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi wrote: > Hi Florian > > Thanks, the patch applied. > > I have changed the flash string from 'Account locked' to 'Your account is > locked. Please contact the Administrator.' > I have a scenario. I have only one user in pgAdmin. What would happen then

Re: Bug #6337 Patch

2021-07-21 Thread Akshay Joshi
Hi Florian Thanks, the patch applied. I have changed the flash string from 'Account locked' to 'Your account is locked. Please contact the Administrator.' On Wed, Jul 21, 2021 at 7:40 PM Florian Sabonchi wrote: > Hello Akshay, > > Thanks for your message, I have adjusted your suggestion as dis

Re: Bug #6337 Patch

2021-07-19 Thread Akshay Joshi
On Mon, Jul 19, 2021 at 6:23 PM Dave Page wrote: > Hi > > On Mon, Jul 19, 2021 at 1:22 PM Akshay Joshi < > akshay.jo...@enterprisedb.com> wrote: > >> Hi Florian >> >> Following are the review comments: >> >>- The "MAX_LOGIN_ATTEMPTS" parameter is not present in the *config.py*. >>It shoul

Re: Bug #6337 Patch

2021-07-19 Thread Dave Page
Hi On Mon, Jul 19, 2021 at 1:22 PM Akshay Joshi wrote: > Hi Florian > > Following are the review comments: > >- The "MAX_LOGIN_ATTEMPTS" parameter is not present in the *config.py*. >It should be there with some default value maybe 3. >- Can be added like > >

Re: Bug #6337 Patch

2021-07-19 Thread Akshay Joshi
Hi Florian Following are the review comments: - The "MAX_LOGIN_ATTEMPTS" parameter is not present in the *config.py*. It should be there with some default value maybe 3. - Can be added like ## # MAX_LOGIN_ATTEMPTS w