Question

Do unauthorized pending connections count to managed MySQL's max_connections?

Posted July 5, 2021 142 views
Security, DigitalOcean Managed MySQL Database

As per the documentation (https://docs.digitalocean.com/products/databases/mysql/#mysql-limits), DigitalOcean Managed MySQL databases allow 75 concurrent connections per GB of memory.

When the MySQL service is wide open to the internet, can brute-force hackers block out all 75 connections by opening 75 sessions and trying to brute-force my password, essentially leaving the database inaccessible to me?

As an explanation, I need to leave the DB wide open to the internet because it’s accessed from AWS Lambda functions.

1 answer

Hello,

The best way to protect yourself from brute-force attacks is to use trusted sources, so that the database cluster is locked off from the world.

If, however, you need to keep the database open, then you might receive a brute-force attack, but it would still need to be a huge one in order to flood all of the available SQL connections.

Regards,
Bobby