When I saw Shlomi’s recent post which asked (in part) for
blacklist support in MySQL, I started thinking about ways in
which this could be done using the tools we have today.
Here’s the example requirements Shlomi noted:
Speaking of whitelist, it would be great to have a host
blacklist. If I wanted to grant access to ‘gromit’@’192.168.%’
except for ’192.168.10.%’ — well, I would have to whitelist all
the possible subnets. I can’t exclude a set of hosts.
I think that’s entirely possible without the overhead of
whitelisting all possible subnets – let’s give it a go!
This solution will rely on the fact that the first step in
authentication in MySQL is finding the most applicable host for
the incoming connection. That’s caused all sorts of
annoyances in the past with the anonymous user, where …[Read more]