On Thu, Jul 22, 2021 at 10:14 AM Florian Sabonchi <sabonchi@posteo.de> wrote:
Hello Dave,
As you said, it doesn't make sense to ban ip addresses. Alternatively, a captcha could be implemented that prevents an attacker from trying to bruteforce an account.
We did discuss using a captcha, but a) I *really* dislike them, and b) most of the good ones require internet access which not all users have.
On 22.07.21 10:31, Dave Page wrote: > That's more difficult to deal with - there are common deployment > scenarios where all connections might appear to come from a single IP, > for example, when behind a load balancer (there are good reasons to do > that, even with a single pgAdmin instance) or proxy. In such cases we > may or may not get an X-Forwarded-For header, and even if we do it may > not be reliable.