Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13096

Implement option to lock user accounts after N authentication failures

Details

    Description

      Some users would like the ability to lock user accounts after a configurable number of authentication failures, so that brute force password checking can be prevented.

      MariaDB's current host blocking mechanism can help prevent problems like this if all authentication attempts come from the same host, but it does not help if the attacker is controlling many hosts. For example, this might be a problem if the attacker were controlling a botnet.

      This task might require MDEV-13095 to be implemented first.

      Attachments

        Issue Links

          is duplicated by

          Task - A task that needs to be done. MDEV-7598 Block user accounts after failed login attempts

          • Major - Major loss of function.
          • Closed
          relates to

          Task - A task that needs to be done. MDEV-15421 max allowed bad password attempts from ip

          • Major - Major loss of function.
          • Closed

          Activity

            There are no comments yet on this issue.

            People

              cvicentiu Vicențiu Ciorbaru
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.