Thanks, applied.

On Thu, Jul 20, 2017 at 3:38 PM, Murtuza Zabuawala <murtuza.zabuaw...@enterprisedb.com> wrote:

> On Thu, Jul 20, 2017 at 6:17 PM, Dave Page <dp...@pgadmin.org> wrote:
>
>> On Thu, Jul 20, 2017 at 1:34 PM, Murtuza Zabuawala <murtuza.zabuaw...@enterprisedb.com> wrote:
>>
>>> It is based on Flask-Login module but
>>> 1) Flask-Login will mark a user as logged out when it detects that an existing session suddenly appears to come from a different originating IP address or a different browser. But it is unfortunate that Flask-Login does not enable this option by default.
>>
>> That's just a config change though, to use strong protection instead of basic.
>
> Yes we can set it to "strong" but then user won't be able to use "Remember me" functionality as it won't support it with "strong" protection.
>
>>> 2) It does not support it at all if you want to also use the browser's "remember me" functionality.
>>
>> The *browser's* remember me functionality, or Flask's? AFAIK remember me in the browser is just auto-filling of the username/password anyway, which will only happen when creating a new session right?
>>
>> Browsers.
>>
>>> It's just a small wrapper module to overcome above scenarios. It is not most necessary thing to include in our project but it will improve the session security.
>>>
>>> On Thu, Jul 20, 2017 at 5:52 PM, Dave Page <dp...@pgadmin.org> wrote:
>>>
>>>> Hi
>>>>
>>>> On Thu, Jul 20, 2017 at 12:59 PM, Murtuza Zabuawala <murtuza.zabuaw...@enterprisedb.com> wrote:
>>>>
>>>>> Hi Dave,
>>>>>
>>>>> Tested it with PEM7 RestApi testsuite and it is working fine :)
>>>>
>>>> The docs for this module say it's based on Flask-Login's session protect mechanism, and was intended to allow session protection in other scenarios. As we are already using Flask-Login, do we need this?
>>>>
>>>> See the Session Protection section on https://flask-login.readthedocs.io/en/latest/.
>>>>
>>>> --
>>>> Dave Page
>>>> Blog: http://pgsnake.blogspot.com
>>>> Twitter: @pgsnake
>>>>
>>>> EnterpriseDB UK: http://www.enterprisedb.com
>>>> The Enterprise PostgreSQL Company

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
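
The "basic" versus "strong" session protection discussed in this thread, as an added example that is not part of the original messages and is not Flask-Login's or pgAdmin's code. It is a standard-library model of the behaviour described in Flask-Login's Session Protection documentation; the function names, session keys and sample addresses are assumptions made for illustration.

```python
import hashlib


def client_identifier(remote_addr: str, user_agent: str) -> str:
    """Fingerprint the client: a hash of its IP address and User-Agent."""
    return hashlib.sha512(f"{remote_addr}|{user_agent}".encode()).hexdigest()


def check_session(session: dict, remote_addr: str, user_agent: str,
                  mode: str = "basic") -> str:
    """Apply session protection to one request (mutates `session`).

    Returns 'ok', 'stale' (kept, but a fresh login is needed for sensitive
    actions) or 'dropped' (session and remember-me token both discarded).
    """
    if mode not in ("basic", "strong"):
        raise ValueError("mode must be 'basic' or 'strong'")
    ident = client_identifier(remote_addr, user_agent)
    stored = session.get("_id")
    if stored is None:            # first request: bind session to this client
        session["_id"] = ident
        return "ok"
    if stored == ident:           # same IP and browser as before
        return "ok"
    if mode == "basic" or session.get("_permanent"):
        session["_fresh"] = False  # keep the login, demand re-auth later
        return "stale"
    session.clear()                # strong: drop the whole session ...
    session["_remember"] = "clear"  # ... and ask for the remember token to go
    return "dropped"


def demo() -> dict:
    """Replay the same two requests (constructed values) under both modes."""
    ua = "ExampleBrowser/1.0"      # constructed User-Agent
    results = {}
    for mode in ("basic", "strong"):
        s = {"user_id": "42", "_fresh": True}
        first = check_session(s, "192.0.2.10", ua, mode)     # original client
        moved = check_session(s, "198.51.100.7", ua, mode)   # new source IP
        results[mode] = (first, moved, "user_id" in s, s.get("_remember"))
    return results


if __name__ == "__main__":
    print(demo())
```

In the strong case the remember-me token is discarded together with the session, which is the trade-off raised in the thread.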