MySQL8.0 密码管理与密码策略
一、密码管理
#新密码不能和前面三次的密码相同
password_history = 3 ;
#新密码不能和前面九十天内使用的密码相同
password_reuse_interval = 90 ;
# 默认为off;为on 时 修改密码需要用户提供当前密码 (开启后修改密码需要验证旧密码,root 用户不需要)
password_require_current = on ;
#查看密码管理策略
mysql> show variables like 'password%';
+--------------------------+-------+
| Variable_name | Value |
+--------------------------+-------+
| password_history | 0 |
| password_require_current | OFF |
| password_reuse_interval | 0 |
+--------------------------+-------+
3 rows in set (0.00 sec)
参数修改(建议)
## 找到mysql的配置文件 my.cnf,默认在 /etc/my.cnf
vi /etc/my.cnf
## 在最后增加一行, 保存退出
password_history=6
二、密码安全策略
MySQL密码密码策略validate_password默认状态为NOT activated
#1.查看密码策略显示为空
mysql> SHOW VARIABLES LIKE 'validate_password%';
Empty set (0.00 sec)
#2.使用命令
mysql> install plugin validate_password soname 'validate_password.so';
Query OK, 0 rows affected, 1 warning (0.00 sec)
#3.查看返回ACTIVE状态,说明密码策略已启用
mysql> select plugin_name, plugin_status from information_schema.plugins where p lugin_name like 'validate%';
+-------------------+---------------+
| plugin_name | plugin_status |
+-------------------+---------------+
| validate_password | ACTIVE |
+-------------------+---------------+
1 row in set (0.00 sec)
#4.查看密码策略
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_check_user_name | ON |
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.00 sec)
#5.密码强度要求(0或low代表最低要求)
mysql> set global validate_password_policy=0;
Query OK, 0 rows affected (0.00 sec)
#6.密码长度要求
mysql> set global validate_password_length=4;
Query OK, 0 rows affected (0.00 sec)
#7.查看修改后的密码策略
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password_check_user_name | ON |
| validate_password_dictionary_file | |
| validate_password_length | 4 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | LOW |
| validate_password_special_char_count | 1 |
+--------------------------------------+-------+
7 rows in set (0.01 sec)