MySQL密码策略管理插件validate_password
MySQL密码策略管理插件validate_password
小伙伴想精准查找自己想看的MySQL文章?喏 → MySQL江湖路 | 专栏目录
自MySQL5.6版本,引入了新密码校验插件
validate_password, 用于管理用户密码长度、强度等,保障账号的安全性。而到了MySQL 8.0,引入了服务器组件(Components)这个特性,validate_password插件已用服务器组件重新实现。
目录
一、密码策略插件validate_password用法介绍
validate_password是MySQL默认的密码管理策略插件,可通过配置对用户密码长度、强度进行管理;
1 - 1、策略查询命令
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)1 - 2、属性信息介绍
属性 | 默认值 | 属性描述 |
|---|---|---|
validate_password_check_user_name | OFF | 设置为ON的时候表示能将密码设置成当前用户名。 |
validate_password_dictionary_file | 用于检查密码的字典文件的路径名,默认为空 | |
validate_password_length | 8 | 密码的最小长度,也就是说密码长度必须大于或等于8 |
validate_password_mixed_case_count | 1 | 如果密码策略是中等或更强的,validate_password要求密码具有的小写和大写字符的最小数量。对于给定的这个值密码必须有那么多小写字符和那么多大写字符。 |
validate_password_number_count | 1 | 密码必须包含的数字个数 |
validate_password_policy | MEDIUM | right-aligned 密码强度检验等级,可以使用数值0、1、2或相应的符号值LOW、MEDIUM、STRONG来指定。0/LOW:只检查长度。1/MEDIUM:检查长度、数字、大小写、特殊字符。2/STRONG:检查长度、数字、大小写、特殊字符、字典文件。 |
validate_password_special_char_count | 1 | 密码必须包含的特殊字符个数 |
1 - 3、修改方式(命令)
如下,是修改密码强度等级
SET GLOBAL validate_password_policy=LOW; -- For LOW
SET GLOBAL validate_password_policy=MEDIUM; -- For MEDIUM
SET GLOBAL validate_password_policy=STRONG; -- For HIGH
-- 同等于下 _
SET GLOBAL validate_password_policy = 0; -- For LOW
SET GLOBAL validate_password_policy = 1; -- For MEDIUM
SET GLOBAL validate_password_policy = 2; -- For HIGHMySQL密码强度等级
密码规则 | 强度得分 |
|---|---|
Length < 4 | 0 |
Length ≥ 4 and < validate_password.length | 25 |
Satisfies policy 1 (LOW:只验证长度) | 50 |
Satisfies policy 2 (MEDIUM:验证长度、数字、大小写、特殊字符) | 75 |
Satisfies policy 3 (STRONG:验证长度、数字、大小写、特殊字符、字典文件) | 100 |
如下,是密码长度策略控制,代表最小长度,但最小长度为4;如果设置小于4,也会默认为4的。
SET GLOBAL validate_password_length=6;二、首次安装MySQL后的策略配置
通常,在我们安装完并启动MySQL后,validate_password插件就会开始运行,系统会给root用户自动生成一个随机密码,存放到日志文件mysqld.log中,用于首次登录使用。
可通过命令获取root用户的临时密码,如下:waQ,qR%be2(5,可以用该密码进行首次登录。
# grep “password” /var/log/mysqld.log
2020-12-19T05:16:36.218234Z 1 [Note] A temporary password is generated for root@localhost: waQ,qR%be2(5登录后系统会强制让你重置root密码,否则不允许对数据库进行操作。
mysql> select user();
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.如果只是修改为一个简单的密码,会报以下错误:
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '12345678';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements如果你想设置成“123456”这种弱口令,需要先将validate_password_policy设为LOW;这样MySQL就只检查密码长度了。
mysql> SET GLOBAL validate_password_policy=LOW;
Query OK, 0 rows affected (0.04 sec)三、安装validate_password插件
有些版本较低或未进行全部插件安装的MySQL,会发现如下情况:
mysql> SHOW VARIABLES LIKE 'validate_password%';
Empty set (0.00 sec)没看错,未安装~
那么请执行如下命令安装即可:
mysql> install plugin validate_password soname 'validate_password.so';
Query OK, 0 rows affected (0.17 sec)卸载命令:
mysql> UNINSTALL PLUGIN validate_password;
Query OK, 0 rows affected, 1 warning (0.01 sec)安装后可通过命令 show plugins 查看已安装的MySQL插件:状态为:ACTIVE表示已激活。
mysql> show plugins;
+----------------------------+----------+--------------------+----------------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+----------------------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_TEMP_TABLE_INFO | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_VIRTUAL | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL |
| BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ngram | ACTIVE | FTPARSER | NULL | GPL |
| validate_password | ACTIVE | VALIDATE PASSWORD | validate_password.so | GPL |
+----------------------------+----------+--------------------+----------------------+---------+
45 rows in set (0.00 sec)附、一张有故事的照片(十四)
默 是心灵的寄托