MySQL5.7 密码安全策略

为了加强安全性,MySQL5.7为root用户随机生成了一个密码,在error log中,关于error log的位置,如果安装的是RPM包,则默认是/var/log/mysqld.log。

一般可通过log_error设置

mysql> select @@log_error;
+---------------------+
| @@log_error         |
+---------------------+
| /var/log/mysqld.log |
+---------------------+
1 row in set (0.00 sec)

可通过# grep "password" /var/log/mysqld.log 命令获取MySQL的临时密码

2016-01-19T05:16:36.218234Z 1 [Note] A temporary password is generated for [email protected]: waQ,qR%be2(5

用该密码登录到服务端后,必须马上修改密码,不然会报如下错误:

mysql> select user();
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

如果只是修改为一个简单的密码,会报以下错误:

mysql>  ALTER USER USER() IDENTIFIED BY ‘12345678‘;
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

这个其实与validate_password_policy的值有关。

validate_password_policy有以下取值:

Policy Tests Performed
0 or LOW Length
1 or MEDIUM Length; numeric, lowercase/uppercase, and special characters
2 or STRONG Length; numeric, lowercase/uppercase, and special characters; dictionary file

默认是1,即MEDIUM,所以刚开始设置的密码必须符合长度,且必须含有数字,小写或大写字母,特殊字符。

有时候,只是为了自己测试,不想密码设置得那么复杂,譬如说,我只想设置root的密码为123456。

必须修改两个全局参数:

首先,修改validate_password_policy参数的值

mysql> set global validate_password_policy=0;
Query OK, 0 rows affected (0.00 sec)

这样,判断密码的标准就基于密码的长度了。这个由validate_password_length参数来决定。

mysql> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          8 |
+----------------------------+
1 row in set (0.00 sec)

validate_password_length参数默认为8,它有最小值的限制,最小值为:

validate_password_number_count
+ validate_password_special_char_count
+ (2 * validate_password_mixed_case_count)

其中,validate_password_number_count指定了密码中数据的长度,validate_password_special_char_count指定了密码中特殊字符的长度,validate_password_mixed_case_count指定了密码中大小字母的长度。

这些参数,默认值均为1,所以validate_password_length最小值为4,如果你显性指定validate_password_length的值小于4,尽管不会报错,但validate_password_length的值将设为4。如下所示:

mysql> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          8 |
+----------------------------+
1 row in set (0.00 sec)

mysql> set global validate_password_length=1;
Query OK, 0 rows affected (0.00 sec)

mysql> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          4 |
+----------------------------+
1 row in set (0.00 sec)

如果修改了validate_password_number_count,validate_password_special_char_count,validate_password_mixed_case_count中任何一个值,则validate_password_length将进行动态修改。

mysql> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          4 |
+----------------------------+
1 row in set (0.00 sec)

mysql> select @@validate_password_mixed_case_count;
+--------------------------------------+
| @@validate_password_mixed_case_count |
+--------------------------------------+
|                                    1 |
+--------------------------------------+
1 row in set (0.00 sec)

mysql> set global validate_password_mixed_case_count=2;
Query OK, 0 rows affected (0.00 sec)

mysql> select @@validate_password_mixed_case_count;
+--------------------------------------+
| @@validate_password_mixed_case_count |
+--------------------------------------+
|                                    2 |
+--------------------------------------+
1 row in set (0.00 sec)

mysql> select @@validate_password_length;
+----------------------------+
| @@validate_password_length |
+----------------------------+
|                          6 |
+----------------------------+
1 row in set (0.00 sec)

当然,前提是validate_password插件必须已经安装,MySQL5.7是默认安装的。

那么如何验证validate_password插件是否安装呢?可通过查看以下参数,如果没有安装,则输出将为空。

mysql> SHOW VARIABLES LIKE ‘validate_password%‘;
+--------------------------------------+-------+
| Variable_name                        | Value |
+--------------------------------------+-------+
| validate_password_dictionary_file    |       |
| validate_password_length             | 6     |
| validate_password_mixed_case_count   | 2     |
| validate_password_number_count       | 1     |
| validate_password_policy             | LOW   |
| validate_password_special_char_count | 1     |
+--------------------------------------+-------+
6 rows in set (0.00 sec)

原文地址:https://www.cnblogs.com/likappe/p/9504332.html

时间: 2024-11-02 05:07:18

MySQL5.7 密码安全策略的相关文章

mysql5.7密码设置

mysql5.7版本引入了强制更改密码的举措,只能吐槽一句,shit!mysql5.7安装安装完mysql之后,mysql已经随机指定了一个初始化密码,可以在mysql的错误日志中找到初始化密码: cat /var/log/mysqld.log | grep password 2018-07-05T05:02:46.258821Z 0 [ERROR] unknown variable 'validate_password_policy=0' 2018-07-05T05:05:04.538912Z

mysql5.7密码过期ERROR 1862 (HY000): Your password has expired. To log in you must change

环境: ubuntu14.04  mysql5.7 一.mysql5.7 密码过期问题 报错: ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords. 翻译: 错误1862(HY000):你的密码已经过期.登录必须改变它使用一个客户端,支持过期的密码. 解决方法: 1. 用忽略授权表的方法进入mysql  

mysql5.7密码登录的那些坑

mysql5.7密码策略及修改技巧 繁著 关注 2017.08.18 22:41* 字数 522 阅读 10184评论 0喜欢 4 mysql升级5.7版本以后,安全性大幅度上升. MySQL5.7为root用户随机生成了一个密码,打印在error_log中,关于error_log的位置,如果安装的是RPM包,则默认是 /var/log/mysqld.log .于是我们可以在mysqld.log中找到初始密码串: cat /var/log/mysqld.log | grep password 用

linux mysql5.7 密码相关问题

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements select @@validate_password_length; mac mysql error You must reset your password using ALTER USER statement before executing this statement. SET PASSWORD = PASSWORD('yo

mysql5.7 密码策略

查看现有的密码策略 mysql> SHOW VARIABLES LIKE 'validate_password%';+--------------------------------------+--------+| Variable_name | Value |+--------------------------------------+--------+| validate_password_dictionary_file | || validate_password_length | 8

centos7下忘记mysql5.7密码

才装完的mysql,转眼密码就忘记了,找了一圈的修改密码方法,做下记录! 编辑mysql配置文件. [[email protected] ~]# vi /etc/my.cnf 在[mysqld]配置节下新增skip-grant-tables. # For advice on how to change settings please see # http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html [m

CentOS初始化Mysql5.7密码

/etc/init.d/mysql stopmysqld_safe --user=mysql --skip-grant-tables --skip-networking &mysql -u root mysql update user set authentication_string=password('123456') where user='root';FLUSH PRIVILEGES;exit; /etc/init.d/mysql restartmysql -uroot -pEnter

mysql5.7密码复杂度修改

报错如下: ERROR 1819 (HY000): Your password does not satisfy the current policy requirements1临时修改方法 # mysql -uroot -ppassw0rd mysql> SHOW VARIABLES LIKE 'validate_password%';+--------------------------------------+--------+| Variable_name | Value |+-----

Linux 用户密码与安全策略

用户及用户密码安全: linux和windows一样是用用户账户管理操作系统的. linux用户有两类: 1:系统用户 2:登陆用户系统用户是系统以特定的身份完成某些服务的账户,无法登陆.而登陆用户是我们平时用得最多的.登陆用户可分为两类 登陆用户: 1:超级用户 2:普通用户 超级用户就是root. 普通用户就是平时用来管理系统,可登陆的普通账户,普通账户的权限是受到权限的,登陆的普通账户只能做权限内的事情.Linux操作系统不以用户名来识别用户,是以UDI,以用户标识来识别用户的.在cent