MySQL 有內鍵的驗證密碼插件,可以用來提高安全性
怎麼設定
vi /etc/my.cnf
[mysqld] plugin-load-add=validate_password.so validate-password=FORCE_PLUS_PERMANENT validate_password_policy=MEDIUM validate_password_check_user_name=1
systemctl restart mysqld
驗證是否 work
SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE '%validate_password%';
+-------------------+---------------+ | PLUGIN_NAME | PLUGIN_STATUS | +-------------------+---------------+ | validate_password | ACTIVE | +-------------------+---------------+
show global variables like 'validate%';
+--------------------------------------+--------+ | Variable_name | Value | +--------------------------------------+--------+ | validate_password_check_user_name | ON | # 不可設定與其使用者名稱相同或相反的密碼 | validate_password_dictionary_file | | # 字典檔案的路徑,任何與字典中任何單字相符的密碼都不能使用,當 validate_password_policy 為 strong 時 | validate_password_length | 8 | # 密碼長度至少 8 個字元 | validate_password_mixed_case_count | 1 | # 大小寫字元的最小數量 | validate_password_number_count | 1 | # 數字字元最小數量 | validate_password_policy | MEDIUM | # 密碼強度 | validate_password_special_char_count | 1 | # 特殊字元最小數量 +--------------------------------------+--------+
實際設定新密碼
set password = '123456';
結果,不符原則
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
參考
# https://www.percona.com/blog/improving-mysql-password-security-with-validation-plugin/
# https://dev.mysql.com/doc/mysql-secure-deployment-guide/5.7/en/secure-deployment-password-validation.html
留言