Description:
MySQL proxy should have a way to restrict hosts which can connect, e.g. which user@host can connect. Because currently it leads to situation when any host can connect using particular account to database.

How to repeat:
see above

Partial workarounds for this:

1. Firewall. It shouldn't be possible to even see the server unless your host has permission to access it. If it can be seen, denial of service attacks are possible even without access rights.
2. Non-standard ports. So standard scripted attacks on default ports will fail.

Only once those methods have failed to protect the server do the individual user connection and other access rights start to become significant. Not supporting them is a significant problem for those who want good access control.

Until such time as the mysql server allows us to pass through originating host information in any way (secure or not), there will always be a limitation that clients connecting through the proxy will appear to be coming from whichever host the proxy is running on (usually localhost), thus making it impossible to use grants that discriminate based on hostname, network, etc. The same issue exists when connections come in via NAT'd subnets, or via Linux HA virtual IPs, etc.

While we do want to add allow/deny type security to the proxy, there does become a point of diminishing returns, addressed by and usable today by the workarounds James posted.