Pre-General Availability Draft: 2017-07-17
MySQL Server includes a plugin library that enables administrators to introduce an increasing delay in server response to clients after a certain number of consecutive failed connection attempts. This capability provides a deterrent that slows down brute force attacks that attempt to access MySQL user accounts. The plugin library contains two plugins:
CONNECTION_CONTROL checks incoming connections and adds a delay to server responses as necessary. This plugin also exposes system variables that enable plugin operation to be configured and a status variable that provides rudimentary monitoring information.
The CONNECTION_CONTROL plugin uses the audit plugin interface (see Section 28.2.4.8, “Writing Audit Plugins”). To collect information, it subscribes to the MYSQL_AUDIT_CONNECTION_CLASSMASK event class, and processes MYSQL_AUDIT_CONNECTION_CONNECT and MYSQL_AUDIT_CONNECTION_CHANGE_USER subevents to check whether the server should introduce a delay before responding to client connection attempts.
CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS implements an INFORMATION_SCHEMA table that exposes more detailed monitoring information for failed connection attempts.
The following sections provide information about connection-control plugin installation and configuration. For information about the CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS table, see Section 24.32.1, “The INFORMATION_SCHEMA CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS Table”.
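The following is an added example, not text from this manual page, showing how an administrator might load both plugins, tune the delay, and review failed attempts. The system and status variable names are the ones the plugin library provides but are not named in this section; the threshold and delay values are illustrative assumptions, and the library file suffix assumes a Unix-like platform.

```sql
-- Load both plugins from the shared library (use a .dll suffix on Windows).
INSTALL PLUGIN CONNECTION_CONTROL
  SONAME 'connection_control.so';
INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
  SONAME 'connection_control.so';

-- Confirm that both plugins report ACTIVE before relying on them.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'CONNECTION_CONTROL%';

-- Illustrative policy: start delaying after 3 consecutive failures,
-- with each delay kept between 1 second and 60 seconds (values in ms).
-- The minimum may not exceed the current maximum, so when raising both,
-- set the maximum first.
SET GLOBAL connection_control_failed_connections_threshold = 3;
SET GLOBAL connection_control_max_connection_delay = 60000;
SET GLOBAL connection_control_min_connection_delay = 1000;

-- SET GLOBAL does not survive a restart; place the same settings in the
-- server option file to make the policy permanent.
SHOW GLOBAL VARIABLES LIKE 'connection_control%';

-- Rudimentary monitoring: how many times the server has added a delay.
SHOW GLOBAL STATUS LIKE 'Connection_control_delay_generated';

-- Detailed monitoring: accounts with consecutive failed attempts on record,
-- highest count first. A long-lived or fast-growing entry is a candidate
-- for review as a password-guessing target.
SELECT USERHOST, FAILED_ATTEMPTS
  FROM INFORMATION_SCHEMA.CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
 ORDER BY FAILED_ATTEMPTS DESC;
```

A threshold of 0 disables failed-attempt counting, so check the variable values after any configuration change.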