MySQL Bugs: #69967: Add ability to block connections from host based on invalid authentication

Bug #69967	Add ability to block connections from host based on invalid authentication
Submitted:	8 Aug 2013 23:40
Reporter:	Todd Farmer (OCA)	Email Updates:
Status:	Verified	Impact on me:	None
Category:	MySQL Server: Security: Privileges	Severity:	S4 (Feature request)
Version:	5.6.13	OS:	Any
Assigned to:		CPU Architecture:	Any

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
It would be useful if MySQL provided a mechanism to block hosts from which excessive failed authentication failures emanate.  max_connect_errors can be sometimes misunderstood to provide this functionality, but it really only limits problems caused by bad networks or SYN flood attacks - in fact, authentication failures *reset* the host counter (as the handshake, though unsuccessful, did complete).  The max_connect_errors mechanism is also tightly coupled to the host cache, making it useless for certain deployments and hosts.

How to repeat:
See above.

Suggested fix:
Provide mechanism to block hosts based on cumulative or consecutive authentication failures.