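To prevent overly simple passwords, MySQL provides the validate_password plugin, which enforces password complexity rules. With the plugin in place, trying to create a password such as 123456 fails with an error.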
https://dev.mysql.com/doc/refman/5.7/en/validate-password-installation.html
Online installation (at runtime):
INSTALL PLUGIN validate_password SONAME 'validate_password.so';
Or add the following to the configuration file and restart:
[mysqld]
plugin-load-add=validate_password.so
Run show plugins; to check the validate_password plugin that was just installed:
(root@localhost) [(none)]>show plugins;
+----------------------------+----------+--------------------+----------------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+----------------------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_TEMP_TABLE_INFO | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_VIRTUAL | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ngram | ACTIVE | FTPARSER | NULL | GPL |
| validate_password | ACTIVE | VALIDATE PASSWORD | validate_password.so | GPL |
+----------------------------+----------+--------------------+----------------------+---------+
45 rows in set (0.00 sec)
View the parameters with show variables like 'validate%';
(root@localhost) [(none)]>show variables like 'validate%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | OFF |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.01 sec)
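1. validate_password_length 8: the password must be at least 8 characters long
2. validate_password_mixed_case_count 1: must contain at least one uppercase letter
3. validate_password_number_count 1: must contain at least one digit
4. validate_password_special_char_count 1: must contain at least one special character
After that, changing the password to 123 produces the error below. The password is insecure and does not satisfy the constraints of the validate_password plugin.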
(root@localhost) [(none)]>alter user david@'%' identified by '123';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
Now set a password that complies with the policy; the change succeeds:
(root@localhost) [(none)]>alter user david@'%' identified by '1111aaA_';
Query OK, 0 rows affected (0.00 sec)
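validate_password_dictionary_file: the password dictionary file
Enabling this dictionary file makes it possible to reject passwords that contain any string listed in the dictionary.
Create a file containing the string admin: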
echo 'admin'> dic.file
Set the values of validate_password_dictionary_file and validate_password_policy:
(root@localhost) [(none)]>set global validate_password_dictionary_file = '/mdata/mysql57/dic.file';
Query OK, 0 rows affected (0.00 sec)
(root@localhost) [(none)]>set global validate_password_policy = STRONG;
Query OK, 0 rows affected (0.00 sec)
Now setting the password to 1111adminDD_ fails. Removing admin and using kk instead succeeds.
(root@localhost) [(none)]>alter user david@'%' identified by '1111adminDD_';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
(root@localhost) [(none)]>alter user david@'%' identified by '1111kkDD_';
Query OK, 0 rows affected (0.00 sec)
validate_password_check_user_name
Set to ON, this prevents the password from being set to the user name itself:
set global validate_password_check_user_name= ON;
(root@localhost) [(none)]>alter user david@'%' identified by 'root';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
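ERROR 1819 does not say which rule rejected the password. The following Python sketch is an added example (not from the original post and not the plugin's own code) that models the documented validate_password rules and reports which ones a candidate breaks; the function name violations and the shortened setting names are assumptions made for this illustration.

```python
# Added illustration: a model of the documented rules, not the plugin's code.
DEFAULTS = {"length": 8, "mixed_case_count": 1, "number_count": 1,
            "special_char_count": 1, "policy": "MEDIUM",
            "check_user_name": False}  # values from SHOW VARIABLES above

def violations(password, session_user="", dictionary=(), **overrides):
    """Return the rules a candidate password breaks (empty list = accepted)."""
    cfg = {**DEFAULTS, **overrides}
    failed = []
    # Applies at every policy level: the password may not equal the session
    # user's name, forwards or reversed (modelled as an exact match).
    if cfg["check_user_name"] and session_user and \
            password in (session_user, session_user[::-1]):
        failed.append("check_user_name")
    if len(password) < cfg["length"]:          # LOW checks length only
        failed.append("length")
    if cfg["policy"] == "LOW":
        return failed
    lower = sum(c.islower() for c in password)  # MEDIUM adds class counts
    upper = sum(c.isupper() for c in password)
    if min(lower, upper) < cfg["mixed_case_count"]:
        failed.append("mixed_case_count")
    if sum(c.isdigit() for c in password) < cfg["number_count"]:
        failed.append("number_count")
    if sum(not c.isalnum() for c in password) < cfg["special_char_count"]:
        failed.append("special_char_count")
    if cfg["policy"] == "MEDIUM":
        return failed
    # STRONG adds the dictionary: every substring of length 4..100 is compared
    # case-insensitively, so dictionary words shorter than 4 never match.
    words = {w.strip().lower() for w in dictionary if w.strip()}
    pw = password.lower()
    subs = {pw[i:j] for i in range(len(pw))
            for j in range(i + 4, min(len(pw), i + 100) + 1)}
    if words & subs:
        failed.append("dictionary")
    return failed

if __name__ == "__main__":
    # Passwords taken from the session on this page.
    print(violations("123"))
    print(violations("1111aaA_"))
    print(violations("1111adminDD_", dictionary=["admin"], policy="STRONG"))
    print(violations("1111kkDD_", dictionary=["admin"], policy="STRONG"))
    print(violations("root", session_user="root", check_user_name=True))
```

Run on the page's last example, the model shows that 'root' already fails the length and character-class rules under MEDIUM, so it is rejected whether or not validate_password_check_user_name is ON. Exercising that setting on its own needs a policy-compliant string that equals the session user name.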