Hi

On Mon, Jul 19, 2021 at 1:22 PM Akshay Joshi <akshay.jo...@enterprisedb.com> wrote:
> Hi Florian
>
> Following are the review comments:
>
>    - The "MAX_LOGIN_ATTEMPTS" parameter is not present in the *config.py*.
>    It should be there with some default value maybe 3.
>       - Can be added like
>
> ##########################################################################
> # MAX_LOGIN_ATTEMPTS which sets the number of failed login attempts that
> # are allowed. If this value is exceeded the account is locked and can be
> # reset by an administrator. By setting the variable to the value zero
> # this feature is deactivated.
> ##########################################################################
> MAX_LOGIN_ATTEMPTS = 3
>
>
>    - I have tested by specifying the above value, and it seems the logic
>    is not correct. I can perform N number of unsuccessful attempts and when I
>    provided the correct password it shows the flash message "Account locked".
>    - Once the account is locked, the pgAdmin4 server needs to restart,
>    can we make it time-bound? I mean after N minutes user can try again, so no
>    need to restart the pgAdmin4 server.
>
>

Isn't the point that any admin can unlock the account from the user management dialog?

--
Dave Page
VP, Chief Architect, Database Infrastructure
Blog: https://www.enterprisedb.com/dave-page
Twitter: @pgsnake
EDB: https://www.enterprisedb.com
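
The lockout semantics described in the quoted config comment, as an added example that is not part of the original message and is not pgAdmin's code: failures are counted per user, the account locks once MAX_LOGIN_ATTEMPTS is exceeded, a locked account rejects even the correct password until an administrator unlocks it, and 0 disables the feature. LoginGuard, admin_unlock and the sample credentials are hypothetical, and reading "exceeded" literally (the lock is set by the failure after the allowed number) is an assumption.

```python
import hmac

MAX_LOGIN_ATTEMPTS = 3  # value proposed in the quoted review; 0 disables lockout


class LoginGuard:
    """Hypothetical in-memory lockout tracker (not pgAdmin's implementation)."""

    def __init__(self, passwords, max_attempts=MAX_LOGIN_ATTEMPTS):
        # Constructed sample data: user -> password. Real code verifies a hash.
        self.passwords = passwords
        self.max_attempts = max_attempts
        self.failed = {}      # user -> consecutive failed attempts
        self.locked = set()   # users that need an administrator reset

    def login(self, user, password):
        # Check the lock first, so a correct password cannot bypass it.
        if user in self.locked:
            return "locked"
        if user not in self.passwords:
            return "denied"   # unknown names are not tracked
        expected = self.passwords[user].encode()
        if hmac.compare_digest(expected, password.encode()):
            self.failed.pop(user, None)   # a success clears the counter
            return "ok"
        self.failed[user] = self.failed.get(user, 0) + 1
        # Assumption: "exceeded" is read literally; 0 means never lock.
        if self.max_attempts and self.failed[user] > self.max_attempts:
            self.locked.add(user)
            return "locked"
        return "denied"

    def admin_unlock(self, user):
        # The reset path the thread refers to: an administrator action.
        self.locked.discard(user)
        self.failed.pop(user, None)


def demo():
    guard = LoginGuard({"alice": "correct horse"})
    results = [guard.login("alice", "wrong") for _ in range(4)]
    results.append(guard.login("alice", "correct horse"))  # still locked
    guard.admin_unlock("alice")
    results.append(guard.login("alice", "correct horse"))
    return results
```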