On Thu, Jul 22, 2021 at 9:19 AM Ashesh Vashi <ashesh.va...@enterprisedb.com> wrote:
> On Thu, Jul 22, 2021 at 12:27 PM Akshay Joshi <akshay.jo...@enterprisedb.com> wrote:
>
>> Hi Florian
>>
>> Thanks, the patch applied.
>>
>> I have changed the flash string from 'Account locked' to 'Your account is
>> locked. Please contact the Administrator.'
>
> I have a scenario.
> I have only one user in pgAdmin.
>
> What would happen then?
> + Does it lock that user too?

Yes.

> + If yes - do we have information in the document to unlock that user?

I hope so :-p

> I am also curious about another case. A hacker can use multiple users for
> the same.
> Should we also lock/avoid requests from a particular ip-address/machine
> for X minutes/hours?

That's more difficult to deal with - there are common deployment scenarios where all connections might appear to come from a single IP, for example, when behind a load balancer (there are good reasons to do that, even with a single pgAdmin instance) or proxy. In such cases we may or may not get an X-Forwarded-For header, and even if we do it may not be reliable.

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake
EDB: https://www.enterprisedb.com
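
The proxy and X-Forwarded-For problem raised in the reply above, as an added example that is not part of the thread and not pgAdmin's code: a per-address lockout key that only honours the header when the TCP peer is a known proxy. The `TRUSTED_PROXIES` network, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed assumption: the load balancer / proxy tier lives in this network.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(addr):
    """True when addr belongs to one of the operator's own proxy networks."""
    return any(addr in net for net in TRUSTED_PROXIES)


def lockout_key(peer_ip, xff_header):
    """Return (ip, source) to use as the key for per-address lockout.

    peer_ip    -- address of the TCP peer as seen by the application
    xff_header -- raw X-Forwarded-For value, or None when the header is absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # A header sent by a peer that is not our proxy is client-controlled: ignore it.
    if not _is_trusted(peer):
        return str(peer), "peer"
    if not xff_header:
        # Behind the proxy with no header: every client shares the proxy's
        # address, so locking on it would lock out all users at once.
        return str(peer), "proxy-no-header"
    # Walk right to left: the rightmost entries were appended by our own
    # proxies; the first untrusted address is the nearest verifiable client.
    # Anything further left was supplied by that client and is not trusted.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer), "proxy-bad-header"
        if not _is_trusted(addr):
            return str(addr), "xff"
    return str(peer), "proxy-all-trusted"
```

A caller would apply address-based throttling only when the source is `peer` or `xff`, and fall back to per-account lockout alone for the `proxy-*` results.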