Is there any chance to add an anti-BFA mechanism? #13111
Assignees
Labels
question
Used when we need feedback from the submitter or when the issue is a question about PMA
Comments
|
Yes, you can enable captcha on login page. Generally I can recommend reading Securing your phpMyAdmin installation in our documentation. |
|
What about BFA preventor like "5 Tries already, try again in 30 minutes" (or any time setted by the user) ? |
|
There is nothing we could do out of the box as some persistent storage is needed to make it effective, see discussion in #4349. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I am not a PHP programmer or a security expert. Yet I humbly ask if it is possible to add an anti Brute Force Attack (BFA) mechanism?
AFAIK, the current situation is that users must manually create one themselves via Fail2Ban or LFD. This task requires considerable knowledge in Linux, Regular expressions, and and programming, and doesn't suit to the average user.
I hope you would consider adding such a mechanism. Ben,
The text was updated successfully, but these errors were encountered: