Documentation Home
MySQL 9.5 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 41.2Mb
PDF (A4) - 41.3Mb
Man Pages (TGZ) - 262.7Kb
Man Pages (Zip) - 368.7Kb
Info (Gzip) - 4.1Mb
Info (Zip) - 4.1Mb


MySQL 9.5 Reference Manual  /  ...  /  Connection Control Plugins

8.4.3 Connection Control Plugins

Note

The Connection Control plugins are deprecated, and are subject to removal in a future version of MySQL. They are superseded by the Connection Control Component. For more information, see Section 8.4.2.3, “Migrating to the Connection Control Component”.

MySQL Server includes a plugin library that enables administrators to introduce an increasing delay in server response to connection attempts after a configurable number of consecutive failed attempts. This capability provides a deterrent that slows down brute force attacks against MySQL user accounts. The plugin library contains two plugins:

  • CONNECTION_CONTROL checks incoming connection attempts and adds a delay to server responses as necessary. This plugin also exposes system variables that enable its operation to be configured and a status variable that provides rudimentary monitoring information.

    The CONNECTION_CONTROL plugin uses the audit plugin interface (see Writing Audit Plugins). To collect information, it subscribes to the MYSQL_AUDIT_CONNECTION_CLASSMASK event class, and processes MYSQL_AUDIT_CONNECTION_CONNECT and MYSQL_AUDIT_CONNECTION_CHANGE_USER subevents to check whether the server should introduce a delay before responding to connection attempts.

  • CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS implements an INFORMATION_SCHEMA table that exposes more detailed monitoring information for failed connection attempts. For more information about this table, see Section 28.6.2, “The INFORMATION_SCHEMA CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS Table”.

The following sections provide information about connection control plugin installation and configuration.