[pmg-devel] [PATCH pmg-api/gui] add quarantine self service button

Dominik Csapak d.csapak at proxmox.com
Wed Nov 18 08:56:25 CET 2020

On 11/18/20 8:44 AM, Thomas Lamprecht wrote:
> On 17.11.20 17:38, Dietmar Maurer wrote:
>>> On 11/17/2020 5:27 PM Dietmar Maurer <dietmar at proxmox.com> wrote:
>>> IMHO this is too dangerous.
>>> This needs at least some kind of captcha ...
>> i.e. This would allow direct DOS attacks to the internal mail server.
> I found this captcha solution, relatively sophisticated but not a PITA for the
> (human) user, Friendly Captcha[0] used by some official European Union websites.
> It uses Proof of Work[2] (i.e. crypto puzzel ones device needs to solve by
> computation), the specific library used is "Friendly PoW"[1].
> If we go for a captcha I'd like something like this (could be rebuild), as
> it avoids the issues with picture texts (easily solved by computers, bad
> accessibility for humans) and similar captchas.
> [0]: https://github.com/friendlycaptcha/friendly-challenge
> [1]: https://github.com/friendlycaptcha/friendly-pow
> [2]: https://de.wikipedia.org/wiki/Proof_of_Work

i'd rather go with a rate limited approach
e.g. a file with a
mail -> last click time
and refuse if the last click time is not older than 5min ?
and only 1 per 5 seconds overall?

a captcha would be much harder to implement (more dependencies,
backend as well as dependent frontend code and in this example
it seems the code is only available for js/ts), though
if we find a simple solution, i am not against it

More information about the pmg-devel mailing list