[MDEV-19133] Limit / throttle connection attempts
Created: 2019-04-02 Updated: 2023-01-05
| Status: | Open |
| Project: | MariaDB Server |
| Component/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Minor |
| Reporter: | Hartmut Holzgraefe | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Issue Links: |
| Description |
A client repeatedly trying to connect with a nonexistent default database given can lead to a denial-of-service effect. As the client authenticates correctly, and only fails when trying to use the database given on connect, this is not caught by the server mechanism that blocks out hosts after too many failed connection attempts, as the actual connect and authentication phase were completed successfully. Per-user limits don't help here either, as for this the actual user needs to be known first, and that already takes most of the connect time and effort in this case. Being able to limit the number of connections per time period on a per-host basis could help against misbehaved client hosts of this kind.
| Comments |
| Comment by Elena Stepanova [ 2019-04-08 ] |
Since it is a request for new functionality rather than a bug report, I have moved it to Tasks.
| Comment by Sergei Golubchik [ 2023-01-03 ] |
One can also connect successfully, run DO 1 and disconnect. If one'd do it too often, it can "lead to a denial-of-service effect" too. Anything can. Per-host limits could help, to an extent. But also they'll make it much easier to DoS one single host.
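
The per-host, per-time-period limit requested in the description, and the side effect raised in the last comment, as an added Python sketch (not MariaDB code and not written by the issue's participants). The class and function names, the limits and the sample events are all constructed, and the check is assumed to run at accept time, before any authentication work.

```python
from collections import defaultdict, deque


class PerHostThrottle:
    """Sliding-window limit on connection attempts per client host (hypothetical)."""

    def __init__(self, max_attempts, window_seconds):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self._attempts = defaultdict(deque)  # host -> timestamps of admitted attempts

    def allow(self, host, now):
        q = self._attempts[host]
        # Drop attempts that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_attempts:
            return False  # refused before the handshake, whatever its outcome would be
        q.append(now)
        return True


def replay(events, max_attempts=5, window_seconds=10):
    """Replay (timestamp, host, client) events; return refused attempts per client."""
    throttle = PerHostThrottle(max_attempts, window_seconds)
    refused = defaultdict(int)
    for ts, host, client in sorted(events):
        if not throttle.allow(host, ts):
            refused[client] += 1
    return dict(refused)


def sample_events():
    # Constructed sample; addresses come from the documentation ranges.
    events = []
    # A misbehaving client on 192.0.2.10 reconnects four times per second for 10 s.
    for i in range(40):
        events.append((i * 0.25, "192.0.2.10", "noisy-app"))
    # A well-behaved client behind the same address (shared NAT), once every 3 s.
    for i in range(3):
        events.append((1.1 + i * 3, "192.0.2.10", "shared-nat-app"))
    # An unrelated host connecting once every 2 s.
    for i in range(5):
        events.append((0.5 + i * 2, "198.51.100.7", "other-host-app"))
    return events
```

With these constructed events, `replay(sample_events())` refuses 35 of the noisy client's 40 attempts and none from the unrelated host, but it also refuses all 3 attempts from the well-behaved client that shares the noisy client's address.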