Bug #50125 Server should use client hostname for user authentication even if proxy is used
Submitted: 7 Jan 2010 5:40 Modified: 7 Jan 2010 11:01
Reporter: Tetsuro Ikeda Email Updates:
Status: Won't fix Impact on me:
None 
Category:MySQL Proxy Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any

[7 Jan 2010 5:40] Tetsuro Ikeda 
Description:
Currently, when we use MySQL Proxy between client and server, proxy's IP address / Host is used for client authentication instead of client's IP/Host.

So, we have to grant user@proxy-hostname instead of user@client-hostname.

This behaviour might have following probrems:

Server cannot distinguish clients if there are multiple clients and same username is used. proxy-hostname is always used.

We can still use user@proxy-hostname as a workaround, but in this case user@proxy-hostname is same as user@"%" and this means security level is get lower.

So, this behaviour conflict with MySQL's traditional user management concept.

How to repeat:
Connect mysql server with any mysql client over mysql proxy.

Suggested fix:
Currently MySQL server gets client IP address from TCP/IP socket object and server gets hostname from the IP address. 

And, with current MySQL client-server protocol, any mysql clients cannot specify client's IP address.

MySQL client-server protocol have to be expended.
[7 Jan 2010 5:43] Tetsuro Ikeda 
MySQL Query Analyzer is very good tool, and MySQL proxy is needed when we use Query analyzer. 
So, this issue will have big impact.
[7 Jan 2010 11:01] Susanne Ebrecht 
Many thanks for writing a feature request.

We won't implement this because it will be impossible to do this without changing the MySQL protocol.