Bug #17318 | allow to throttle/lock user after x wrong password entries | ||
---|---|---|---|
Submitted: | 11 Feb 2006 8:31 | Modified: | 12 Feb 2006 9:39 |
Reporter: | Ralf Hauser | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: General | Severity: | S4 (Feature request) |
Version: | OS: | Any | |
Assigned to: | CPU Architecture: | Any |
[11 Feb 2006 8:31]
Ralf Hauser
[11 Feb 2006 8:45]
Ralf Hauser
This would require some recovery measures (via admin), policies when to lock (more than 3 wrong pws because connection pools typically would lock-out in one erroneous attempt) or how much to throttle/slow down - e.g. only one bad PW every 15 minutes? And counter-measures to prevent denial-of-service attacks exploiting this feature. see also: "provide a port that only accepts SSL connection and only serves SSL-enabled users" - Bug #17319 and the complementary connector/J RFE is Bug #17320
[12 Feb 2006 9:39]
Valeriy Kravchuk
Thank you for a reasonable feature request. I hope, it will be implemented some day.