Hi

[please keep the list CC'd]

On Thu, Jul 22, 2021 at 10:14 AM Florian Sabonchi <sabon...@posteo.de> wrote:

> Hello Dave,
>
> As you said, it doesn't make sense to ban IP addresses. Alternatively, a
> captcha could be implemented that prevents an attacker from trying to
> brute-force an account.
>

We did discuss using a captcha, but a) I *really* dislike them, and b) most of the good ones require internet access which not all users have.

>
> On 22.07.21 10:31, Dave Page wrote:
> > That's more difficult to deal with - there are common deployment
> > scenarios where all connections might appear to come from a single IP,
> > for example, when behind a load balancer (there are good reasons to do
> > that, even with a single pgAdmin instance) or proxy. In such cases we
> > may or may not get an X-Forwarded-For header, and even if we do it may
> > not be reliable.
>

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake
EDB: https://www.enterprisedb.com
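
The X-Forwarded-For reliability problem raised in the quoted message, as an added example that is not part of the original thread and is not pgAdmin code: it picks the address to key login throttling on, and only believes the header when the direct peer is a known proxy. `TRUSTED_PROXIES`, `client_key` and all addresses are hypothetical, constructed values.

```python
import ipaddress

# Assumption: the deployment's own load balancers / reverse proxies (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(addr):
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_key(peer_addr, xff_header):
    """Return the address that failed-login throttling should be keyed on.

    peer_addr is the TCP peer address; xff_header is the raw
    X-Forwarded-For value, or None when the header is absent.
    """
    # Any client can send the header, so it only counts when the direct
    # peer is one of our own proxies.
    if not xff_header or not _is_trusted(peer_addr):
        return peer_addr
    # Entries on the right were appended by our proxies; entries on the
    # left are whatever the client chose to send. Walk right to left and
    # stop at the first hop that is not ours.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed header: fall back to the peer
        if not _is_trusted(hop):
            return hop
    return peer_addr  # every hop was a trusted proxy


if __name__ == "__main__":
    # Behind a proxy that sends no header, every user shares one key,
    # which is why banning by IP would lock out everyone at once.
    print(client_key("10.0.0.5", None))
    print(client_key("10.0.0.5", "1.2.3.4, 198.51.100.1"))
```

When the function falls back to the proxy address, an IP-based ban or counter applies to every user behind that proxy, so a per-account counter is the safer key in that deployment.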