我要评论自mysql5.6版本,引入了新密码校验插件
validate_password, 用于管理用户密码长度、强度等,保障账号的安全性。而到了mysql 8.0,引入了服务器组件(components)这个特性,validate_password插件已用服务器组件重新实现。
一、密码策略插件validate_password用法介绍
validate_password是mysql默认的密码管理策略插件,可通过配置对用户密码长度、强度进行管理;
1 - 1、策略查询命令
mysql> show variables like 'validate_password%'; +--------------------------------------+--------+ | variable_name | value | +--------------------------------------+--------+ | validate_password_check_user_name | off | | validate_password_dictionary_file | | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | medium | | validate_password_special_char_count | 1 | +--------------------------------------+--------+ 7 rows in set (0.00 sec)
1 - 2、属性信息介绍
| 属性 | 默认值 | 属性描述 |
|---|---|---|
| validate_password_check_user_name | off | 设置为on的时候表示能将密码设置成当前用户名。 |
| validate_password_dictionary_file | 用于检查密码的字典文件的路径名,默认为空 | |
| validate_password_length | 8 | 密码的最小长度,也就是说密码长度必须大于或等于8 |
| validate_password_mixed_case_count | 1 | 如果密码策略是中等或更强的,validate_password要求密码具有的小写和大写字符的最小数量。对于给定的这个值密码必须有那么多小写字符和那么多大写字符。 |
| validate_password_number_count | 1 | 密码必须包含的数字个数 |
| validate_password_policy | medium | right-aligned 密码强度检验等级,可以使用数值0、1、2或相应的符号值low、medium、strong来指定。0/low:只检查长度。1/medium:检查长度、数字、大小写、特殊字符。2/strong:检查长度、数字、大小写、特殊字符、字典文件。 |
| validate_password_special_char_count | 1 | 密码必须包含的特殊字符个数 |
1 - 3、修改方式(命令)
如下,是修改密码强度等级
set global validate_password_policy=low; -- for low set global validate_password_policy=medium; -- for medium set global validate_password_policy=strong; -- for high -- 同等于下 _ set global validate_password_policy = 0; -- for low set global validate_password_policy = 1; -- for medium set global validate_password_policy = 2; -- for high
mysql密码强度等级
| 密码规则 | 强度得分 |
|---|---|
| length < 4 | 0 |
| length ≥ 4 and < validate_password.length | 25 |
| satisfies policy 1 (low:只验证长度) | 50 |
| satisfies policy 2 (medium:验证长度、数字、大小写、特殊字符) | 75 |
| satisfies policy 3 (strong:验证长度、数字、大小写、特殊字符、字典文件) | 100 |
如下,是密码长度策略控制,代表最小长度,但最小长度为4;如果设置小于4,也会默认为4的。
set global validate_password_length=6;
二、首次安装mysql后的策略配置
通常,在我们安装完并启动mysql后,validate_password插件就会开始运行,系统会给root用户自动生成一个随机密码,存放到日志文件mysqld.log中,用于首次登录使用。
可通过命令获取root用户的临时密码,如下:waq,qr%be2(5,可以用该密码进行首次登录。
# grep “password” /var/log/mysqld.log 2020-12-19t05:16:36.218234z 1 [note] a temporary password is generated for root@localhost: waq,qr%be2(5
登录后系统会强制让你重置root密码,否则不允许对数据库进行操作。
mysql> select user(); error 1820 (hy000): you must reset your password using alter user statement before executing this statement.
如果只是修改为一个简单的密码,会报以下错误:
mysql> alter user 'root'@'localhost' identified by '12345678'; error 1819 (hy000): your password does not satisfy the current policy requirements
如果你想设置成“123456”这种弱口令,需要先将validate_password_policy设为low;这样mysql就只检查密码长度了。
mysql> set global validate_password_policy=low; query ok, 0 rows affected (0.04 sec)
三、安装validate_password插件
有些版本较低或未进行全部插件安装的mysql,会发现如下情况:
mysql> show variables like 'validate_password%'; empty set (0.00 sec)
没看错,未安装~
那么请执行如下命令安装即可:
mysql> install plugin validate_password soname 'validate_password.so'; query ok, 0 rows affected (0.17 sec)
卸载命令:
mysql> uninstall plugin validate_password; query ok, 0 rows affected, 1 warning (0.01 sec)
安装后可通过命令 show plugins 查看已安装的mysql插件:状态为:active表示已激活。
mysql> show plugins; +----------------------------+----------+--------------------+----------------------+---------+ | name | status | type | library | license | +----------------------------+----------+--------------------+----------------------+---------+ | binlog | active | storage engine | null | gpl | | mysql_native_password | active | authentication | null | gpl | | sha256_password | active | authentication | null | gpl | | mrg_myisam | active | storage engine | null | gpl | | performance_schema | active | storage engine | null | gpl | | memory | active | storage engine | null | gpl | | innodb | active | storage engine | null | gpl | | innodb_trx | active | information schema | null | gpl | | innodb_locks | active | information schema | null | gpl | | innodb_lock_waits | active | information schema | null | gpl | | innodb_cmp | active | information schema | null | gpl | | innodb_cmp_reset | active | information schema | null | gpl | | innodb_cmpmem | active | information schema | null | gpl | | innodb_cmpmem_reset | active | information schema | null | gpl | | innodb_cmp_per_index | active | information schema | null | gpl | | innodb_cmp_per_index_reset | active | information schema | null | gpl | | innodb_buffer_page | active | information schema | null | gpl | | innodb_buffer_page_lru | active | information schema | null | gpl | | innodb_buffer_pool_stats | active | information schema | null | gpl | | innodb_temp_table_info | active | information schema | null | gpl | | innodb_metrics | active | information schema | null | gpl | | innodb_ft_default_stopword | active | information schema | null | gpl | | innodb_ft_deleted | active | information schema | null | gpl | | innodb_ft_being_deleted | active | information schema | null | gpl | | innodb_ft_config | active | information schema | null | gpl | | innodb_ft_index_cache | active | information schema | null | gpl | | innodb_ft_index_table | active | information schema | null | gpl | | innodb_sys_tables | active | information schema | null | gpl | | innodb_sys_tablestats | active | information schema | null | gpl | | innodb_sys_indexes | active | information schema | null | gpl | | innodb_sys_columns | active | information schema | null | gpl | | innodb_sys_fields | active | information schema | null | gpl | | innodb_sys_foreign | active | information schema | null | gpl | | innodb_sys_foreign_cols | active | information schema | null | gpl | | innodb_sys_tablespaces | active | information schema | null | gpl | | innodb_sys_datafiles | active | information schema | null | gpl | | innodb_sys_virtual | active | information schema | null | gpl | | csv | active | storage engine | null | gpl | | myisam | active | storage engine | null | gpl | | federated | disabled | storage engine | null | gpl | | blackhole | active | storage engine | null | gpl | | partition | active | storage engine | null | gpl | | archive | active | storage engine | null | gpl | | ngram | active | ftparser | null | gpl | | validate_password | active | validate password | validate_password.so | gpl | +----------------------------+----------+--------------------+----------------------+---------+ 45 rows in set (0.00 sec)
附、一张有故事的照片(十四)
默
是心灵的寄托
我的博客即将同步至 oschina 社区,这是我的 oschina id:竹蜻蜓不会飞,邀请大家一同入驻:https://www.oschina.net/sharing-plan/apply
到此这篇关于mysql密码策略管理插件validate_password的文章就介绍到这了,更多相关mysql validate_password内容请搜索代码网以前的文章或继续浏览下面的相关文章希望大家以后多多支持代码网!
发表评论