Jundl Jundl - 10 days ago 5
MySQL Question

MySql 5.7. lock account after too many failed attempts

is there really no "build in" way to lock an mysql account (I use 5.7.15 on Debian) after a configured number of failed login attempts?

Answer

is there really no "build in" way to lock an mysql account

Not that I know off but you can get it done using application logic. That's: have a bit column named IsLocked bit and a RetryCount INT column. In your, application, check if it's subsequent login attempt and if it's then increase the RetryCount column.

Once, RetryCount column reaches to 3 (per your need) update the table set IsLocked column to true.

So, any login attempt after that; just check if the IsLocked column is true and if yes then deny the login and throw validation error message to end user.