On Thu, Jul 20, 2017 at 1:34 PM, Murtuza Zabuawala < murtuza.zabuaw...@enterprisedb.com> wrote:
> It is based on Flask-Login module but
> 1) Flask-Login will mark a user as logged out when it detects that an
> existing session suddenly appears to come from a different originating IP
> address or a different browser. But it is unfortunate that Flask-Login does
> not enable this option by default.
>

That's just a config change though, to use strong protection instead of basic.

> 2) It does not support it at all if you want to also use the browser's
> "remember me" functionality.
>

The *browser's* remember me functionality, or Flask's? AFAIK remember me in the browser is just auto-filling of the username/password anyway, which will only happen when creating a new session, right?

>
> It's just a small wrapper module to overcome above scenarios, it is not
> most necessary thing to include in our project but it will improve the
> session security.
>
> On Thu, Jul 20, 2017 at 5:52 PM, Dave Page <dp...@pgadmin.org> wrote:
>
>> Hi
>>
>> On Thu, Jul 20, 2017 at 12:59 PM, Murtuza Zabuawala <
>> murtuza.zabuaw...@enterprisedb.com> wrote:
>>
>>> Hi Dave,
>>>
>>> Tested it with PEM7 RestApi testsuite and it is working fine :)
>>>
>>
>> The docs for this module say it's based on Flask-Login's session protect
>> mechanism, and was intended to allow session protection in other scenarios.
>> As we are already using Flask-Login, do we need this?
>>
>> See the Session Protection section on
>> https://flask-login.readthedocs.io/en/latest/.
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>
>

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
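
The difference between the "basic" and "strong" session protection modes discussed in this thread, as an added example that is not part of the original messages and is not Flask-Login's own code. It is a simplified, stdlib-only model of the rules in the Flask-Login documentation's Session Protection section; `client_identifier`, `check_session`, `demo` and the `permanent` dictionary key are hypothetical names, and the addresses and User-Agent are constructed sample values.

```python
import hashlib


def client_identifier(remote_addr, user_agent):
    """Fingerprint of the client: a hash of its IP address and User-Agent."""
    return hashlib.sha512(f"{remote_addr}|{user_agent}".encode("utf-8")).hexdigest()


def check_session(session, remote_addr, user_agent, mode="basic"):
    """Apply the documented basic/strong rules to a dict-like session.

    Returns "ok", "stale" (session kept but no longer fresh) or "cleared".
    """
    if mode not in ("basic", "strong"):
        return "ok"                       # protection disabled
    ident = client_identifier(remote_addr, user_agent)
    if "_id" not in session:
        session["_id"] = ident            # no fingerprint stored yet: record it
        return "ok"
    if session["_id"] == ident:
        return "ok"
    if mode == "strong" and not session.get("permanent", False):
        session.clear()                   # whole session deleted: user is logged out
        session["_remember"] = "clear"    # the remember-me token is dropped as well
        return "cleared"
    # basic mode, or a permanent session: only demand re-authentication
    # for views that require a fresh login
    session["_fresh"] = False
    return "stale"


def demo(mode, permanent=False):
    """Constructed scenario: log in from one address, replay the cookie from another."""
    ua = "Mozilla/5.0 (constructed sample)"
    session = {"_user_id": "42", "_fresh": True, "permanent": permanent}
    check_session(session, "203.0.113.10", ua, mode)
    result = check_session(session, "198.51.100.7", ua, mode)
    return result, "_user_id" in session


if __name__ == "__main__":
    for args in [("basic",), ("strong",), ("strong", True), (None,)]:
        print(args, demo(*args))
```

In a real application the mode is selected with `login_manager.session_protection = "strong"` on the Flask-Login `LoginManager`.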