Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19133

Limit / throttle connection attempts

    XMLWordPrintable

Details

    • Task
    • Status: Open (View Workflow)
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      A client repeatedly trying to connect with a nonexisting default database given can lead to a denial-of-service effect.

      As the client authenticates correctly, and only fails when trying to use the database given on connect, this is not caught by the server mechanism that blocks out hosts after too many failed connection attempts, as the actual connect and authentication phase were completed successfully.

      Per-user limits don't help here either, as for this the actual user needs to be known first, and that already takes most of the connect time and effort in this case.

      Being able to limit the number of connections per time period on a per host basis could help against misbehaved client hosts of this kind

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. MDEV-29209 Implement connection response delay after a number of failed login attempts

          • Major - Major loss of function.
          • Stalled

          New Feature - A new feature of the product, which has yet to be developed. MXS-2414 Throttle connection attempts

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              hholzgra Hartmut Holzgraefe
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.