验证密码(validate_password)组件通过要求输入账户密码和对潜在密码进行强度测试来提高安全性。在MySQL 8.0中,validate_password 插件是以 validate_password 组件的方式实现的。插件的方式仍然可以实用,但是已经过期,未来可能被移除。
validate_password 提供了一个函数 validate_password_strength(),用于评估潜在密码的强度。该函数接收一个密码参数,并返回一个从 0(弱)到 100(强)的整数。例如:
mysql> select validate_password_strength('123456');
+--------------------------------------+
| validate_password_strength('123456') |
+--------------------------------------+
| 25 |
+--------------------------------------+
mysql> select validate_password_strength('abcd1234');
+----------------------------------------+
| validate_password_strength('abcd1234') |
+----------------------------------------+
| 50 |
+----------------------------------------+
mysql> select validate_password_strength('A@#$123456');
+------------------------------------------+
| validate_password_strength('A@#$123456') |
+------------------------------------------+
| 50 |
+------------------------------------------+
mysql> select validate_password_strength('A@#$84_ly%fw7');
+---------------------------------------------+
| validate_password_strength('A@#$84_ly%fw7') |
+---------------------------------------------+
| 100 |
+---------------------------------------------+
validate_password 组件的安装和卸载
组件的存放位置:
>show variables like '%plugin_dir%'; +---------------+------------------------------+ | Variable_name | Value | +---------------+------------------------------+ | plugin_dir | /usr/local/mysql/lib/plugin/ | +---------------+------------------------------+
1.安装
mysql> select * from mysql.component; Empty set (0.00 sec) mysql> select * from information_schema.plugins where plugin_name='validate_password'\G Empty set (0.00 sec) --如果有老板本插件要删除 mysql> uninstall plugin validate_password; mysql> INSTALL COMPONENT 'file://component_validate_password'; Query OK, 0 rows affected (0.00 sec) root@localhost (none)>select * from mysql.component; +--------------+--------------------+------------------------------------+ | component_id | component_group_id | component_urn | +--------------+--------------------+------------------------------------+ | 1 | 1 | file://component_validate_password | +--------------+--------------------+------------------------------------+
安装后,密码复杂度策略只对生效后的操作有效,比如说你之前有个账号,密码是 123 ,则该账号还是可以继续使用的,不过若再次更改密码则需满足复杂度策略。
2.卸载
mysql> UNINSTALL COMPONENT 'file://component_validate_password'; Query OK, 0 rows affected (0.00 sec) mysql> select * from mysql.component;
系统变量说明
mysql> SHOW VARIABLES LIKE 'validate_password.%'; +-------------------------------------------------+--------+ | Variable_name | Value | +-------------------------------------------------+--------+ | validate_password.changed_characters_percentage | 0 | | validate_password.check_user_name | ON | | validate_password.dictionary_file | | | validate_password.length | 8 | | validate_password.mixed_case_count | 1 | | validate_password.number_count | 1 | | validate_password.policy | MEDIUM | | validate_password.special_char_count | 1 | +-------------------------------------------------+--------+
其中:
· validate_password_policy
代表的密码策略,默认是MEDIUM 可配置的值有以下:
-0 or LOW 仅需需符合密码长度(由参数validate_password_length指定)
-1 or MEDIUM 满足LOW策略,同时还需满足至少有1个数字,小写字母,大写字母和特殊字符
-2 or STRONG 满足MEDIUM策略,同时密码不能存在字典文件(dictionary file)中
· validate_password_dictionary_file
用于配置密码的字典文件,当validate_password_policy设置为STRONG时可以配置密码字典文件,字典文件中存在的密码不得使用。
· validate_password_length
用来设置密码的最小长度,默认值是8
· validate_password_mixed_case_count
当validate_password_policy设置为MEDIUM或者STRONG时,密码中至少同时拥有的小写和大写字母的数量,默认是1最小是0;默认是至少拥有一个小写和一个大写字母。
· validate_password_number_count
当validate_password_policy设置为MEDIUM或者STRONG时,密码中至少拥有的数字的个数,默认1最小是0
· validate_password_special_char_count
当validate_password_policy设置为MEDIUM或者STRONG时,密码中至少拥有的特殊字符的个数,默认1最小是0
状态变量说明
mysql> SHOW STATUS LIKE 'validate_password.%'; +-----------------------------------------------+---------------------+ | Variable_name | Value | +-----------------------------------------------+---------------------+ | validate_password.dictionary_file_last_parsed | 2023-11-29 14:30:11 | | validate_password.dictionary_file_words_count | 0 | +-----------------------------------------------+---------------------+