Re: Bug #6337 Patch
| От | Dave Page |
|---|---|
| Тема | Re: Bug #6337 Patch |
| Дата | |
| Msg-id | CA+OCxoz1=Pu2U+JmJQshhMHLu8ztdTKguGL9=OCoskwnrwX1pw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Bug #6337 Patch (Florian Sabonchi <sabonchi@posteo.de>) |
| Список | pgadmin-hackers |
Hi
[please keep the list CC'd]
On Thu, Jul 22, 2021 at 10:14 AM Florian Sabonchi <sabonchi@posteo.de> wrote:
Hello Dave,
As you said, it doesn't make sense to ban ip addresses. Alternatively, a
captcha could be implemented that prevents an attacker from trying to
bruteforce an account.
We did discuss using a captcha, but a) I *really* dislike them, and b) most of the good ones require internet access which not all users have.
On 22.07.21 10:31, Dave Page wrote:
> That's more difficult to deal with - there are common deployment
> scenarios where all connections might appear to come from a single IP,
> for example, when behind a load balancer (there are good reasons to do
> that, even with a single pgAdmin instance) or proxy. In such cases we
> may or may not get an X-Forwarded-For header, and even if we do it may
> not be reliable.
В списке pgadmin-hackers по дате отправления: