No, it is not true. After repeated failed connection attempts from a host that host will be blocked until a flush hosts command is executed. The number allowed before this blocking is specified by the variable max_connect_errors.
See http://dev.mysql.com/doc/mysql/en/Blocked_host.html John ________________________________ From: Dave Dyer [mailto:[EMAIL PROTECTED] Sent: Sat 10/30/2004 2:01 PM To: [EMAIL PROTECTED] Subject: password guessing attacks against mysql While discussing the hazards of having an open mysql port, it occurred to me that I have never seen any mention of defenses against password guessing attacks, such as slow response to failed authentication, or shutting of a particular remote IP that seems to be issuing unsucessful requests. Is it true that there are none? -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
