Backport login throttling plugin to 5.6 and 5.7
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
mysql-5.6 (Ubuntu) | Invalid | Undecided | Unassigned | |
Precise | Invalid | Undecided | Unassigned | |
Trusty | Won't Fix | Undecided | Unassigned | |
Xenial | Invalid | Undecided | Unassigned | |
Yakkety | Invalid | Undecided | Unassigned | |
mysql-5.7 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Precise | Invalid | Undecided | Unassigned | |
Trusty | Invalid | Undecided | Unassigned | |
Xenial | Fix Released | Undecided | Unassigned | |
Yakkety | Invalid | Undecided | Unassigned | |
Bug Description
In MySQL 8.0 we (Oracle) are adding a plugin to rate-limit/throttle
login attempts in order to stop brute-force attacks.
Since this is a security mechanism that has been requested by users,
we would also like to backport this plugin to MySQL 5.6 and 5.7.
After consulting with Robie Basak (racb), we understand this change to
be allowed in Ubuntu under the SRU process (Sect. 2.2,
https:/
comments or objections, we'd like to hear them now.
Impact
======
This functionality is implemented in a plugin. The plugin is not
loaded, and the functionality will not be activated unless the DBA
explicitly activates it.
Regression potential
====================
The potential for regression is considered low for the following
reasons:
- The new functionality is in a plugin that 1) is not loaded by
default, and 2) can be unloaded if it causes problems.
- The change does not introduce new SQL syntax, and no existing
syntax is affected.
- The plugin is new, so it's not used by any other packages in
Ubuntu.
Subscribing ~ubuntu-sru for information, though AIUI no explicit approval is required with our new SRU policy.