sebastianneubauer

Is there any progress here? I have the same issue because I use fakes3 for local tests which does not implement delete_keys...would it make sense that I implement a fallback...

Maybe similar problem here, what about basic authentication header? Is is possible to send it from the ui?

Any ideas what permissions are not sufficiently restricted?

Currently it is the same information every user can access using the collection resource of the API anyhow, so we can close this issue, right?

We can safely add "postgres" to the list of forbidden database and usernames...I heard this leads to a terrible failure of the postgraas and that is even not a surprise

To me this looks like an empty password is not valid, at least the error message comes directly from the postgres login using psycopg What about checking explicitely for an...