Results 1 to 6 of 6
  1. #1
    Join Date
    Feb 2015
    Posts
    4

    Unanswered: Limit login attempts?

    Hey,

    is there a way to limit login attempts using mysql? I'm currently making a small project with c# and i want to to limit the login attempts for a user to 5.
    There is no way to do it by code, so how can i do this with MySQL?
    (It's allowed to ask beginner questions, right?)

  2. #2
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Quote Originally Posted by Queryid View Post
    (It's allowed to ask beginner questions, right?)
    Of course it is!
    Quote Originally Posted by Queryid View Post
    There is no way to do it by code, so how can i do this with MySQL?
    What do you mean there is no way to do it by code?
    George
    Home | Blog

  3. #3
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    Within MySQL, as part of the standard MySQL setup) not that I'm aware of
    but its your application, your front end there's nowt stopping you coding your application so that it does that.

    But bear in mind if the userid and password is compromised, or the root userid is not prtected then anybody with access to the db server will be able to access the actual data.

    As with all these things it depends on what you are actually trying to do/protect against
    ...is that 5 consecutive from the same sintance attempts to logon to your application (if so do that entirely in your code) (ie a user tries more than 5 times to logon onto the system but has forgotten their password.

    If you want to detect if there have been 5 consecutive attempts to logon using the same bad credentials (either userid or password) irrespective of timescale (say over several days from different computers) then you need to store that failed logon inside a table. if you do then I'd also record the computer (prob IP Address) date and time, the actual MySQL error message and so on in part to help you identify if its a credentials issue (IE the userid and password are fine, but the server permissions don't allow access for that IP address), or spot a trend that m,ay suggest user XYZ's logon is being attacked

    if you are concerned about logon activity its usually also a good idea to record who/where the user is, that too can give pointers to possible fraudulent activity (eg if user ABC is UK based and there is an attempt to logon to that account from say a Chinese IP address then its possible the account has been compromised. Of course it could be that user ABC is in China and its all legit... so don't be tempted to pull the plug on a paid fro application if there is a risk that users may be travelling the world. It depends on what your application is, what you are concerned about and what you feel is a reasonable requirement.
    I'd rather be riding on the Tiger 800 or the Norton

  4. #4
    Join Date
    Feb 2015
    Posts
    4
    Quote Originally Posted by gvee View Post
    Of course it is!

    What do you mean there is no way to do it by code?
    Good to know, that it is allowed.
    I'm not completely new to MySQL but i'm not that good i would say.

    I mean there is no way by code because if i would save the attempts in the file or in the project resources they could easily be changed (The Project could be decompiled)?.
    At least i know no way to do that.

    @healdem
    I don't want to do it by code because the login data could be compromised easily by doing it.

    I want to detect if there have been 5 consecutive attempts to login using bad credentials irrespective of timescale. So i have to do it with an new table but how would the table look like? Where would the reference be to (To the IP?)?

    The problem is that i have no idea how to start with it. To be honest i also don't worked that often with the MySQL Users, just with an extra table. I would also agree to save the ip address and some additional data like time, errormessage and so on but i don't think i need to store the country.
    I just would like to realize a good login system. I also have a problem with creating a new user in the MySQL System, how can i do that?

    Could you or someone else give me a example? Any help is appreciated.

    (I had to take a look at some english words.)
    My native english is not english, so sorry for any misspellings, i hope it's okay.
    Last edited by Queryid; 02-14-15 at 09:47.

  5. #5
    Join Date
    Feb 2015
    Posts
    4
    Is it allowed to push here?
    Can no one help me?

  6. #6
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    there is no way that Im aware of doing what you want within MySQL itself, unless you wrote a stored procedure that handled your own form of authentication.
    if you cannot / do not want to do this via your C# program then thats the only option I can think of.
    I'd rather be riding on the Tiger 800 or the Norton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •