MySQL 有內鍵的驗證密碼插件,可以用來提高安全性

怎麼設定

vi /etc/my.cnf

[mysqld]
plugin-load-add=validate_password.so
validate-password=FORCE_PLUS_PERMANENT
validate_password_policy=MEDIUM
validate_password_check_user_name=1
systemctl restart mysqld

驗證是否 work

SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE '%validate_password%';
+-------------------+---------------+
| PLUGIN_NAME       | PLUGIN_STATUS |
+-------------------+---------------+
| validate_password | ACTIVE        |
+-------------------+---------------+
show global variables like 'validate%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_check_user_name    | ON     | # 不可設定與其使用者名稱相同或相反的密碼
| validate_password_dictionary_file    |        | # 字典檔案的路徑,任何與字典中任何單字相符的密碼都不能使用,當 validate_password_policy 為 strong 時
| validate_password_length             | 8      | # 密碼長度至少 8 個字元
| validate_password_mixed_case_count   | 1      | # 大小寫字元的最小數量
| validate_password_number_count       | 1      | # 數字字元最小數量
| validate_password_policy             | MEDIUM | # 密碼強度
| validate_password_special_char_count | 1      | # 特殊字元最小數量
+--------------------------------------+--------+

 

實際設定新密碼

set password = '123456';

結果,不符原則

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

 

參考

# https://www.percona.com/blog/improving-mysql-password-security-with-validation-plugin/
# https://dev.mysql.com/doc/mysql-secure-deployment-guide/5.7/en/secure-deployment-password-validation.html