Jundl Jundl - 1 year ago 99
MySQL Question

MySql 5.7. lock account after too many failed attempts

is there really no "build in" way to lock an mysql account (I use 5.7.15 on Debian) after a configured number of failed login attempts?

Answer Source

is there really no "build in" way to lock an mysql account

Not that I know off but you can get it done using application logic. That's: have a bit column named IsLocked bit and a RetryCount INT column. In your, application, check if it's subsequent login attempt and if it's then increase the RetryCount column.

Once, RetryCount column reaches to 3 (per your need) update the table set IsLocked column to true.

So, any login attempt after that; just check if the IsLocked column is true and if yes then deny the login and throw validation error message to end user.