当前位置:网站首页>Mysql5.7 set password policy (etc. three-level password transformation)
Mysql5.7 set password policy (etc. three-level password transformation)
2022-07-01 22:44:00 【Ahuuua】
Catalog
1. View the current configuration
4. Detailed configuration of password policy
Two 、 Set up 60 Days password expiration
3、 ... and 、 Overall change plan
Target password policy
Target password policy : At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position 、60 Days password expiration .
My version number : 5.7.21
One 、 At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position
1. View the current configuration
show variables like 'validate_password%';
Look up the , my mysql No password verification plug-in
The plug-in should be as follows
Directly in my.cnf The password policy was modified in the configuration file , The system will install the password plug-in for us by default , Otherwise, at the beginning, our database did not install the password plug-in by default .
Refer to this for installing plug-ins :mysql Installing a plug-in validate_password_ Captain 115 The blog of -CSDN Blog _mysql Installing a plug-in
2. View existing plug-ins
View the path of the plug-in show variables like 'plugin_dir';
There's something I need “validate_password.so” This plugin
3. Add the plug-in
modify my.cnf
# The file name of the plug-in library is validate_password. The file name suffix varies according to the platform ( for example ,linux yes .so about Windows yes .dll).
linux add to :
[mysqld]
plugin-load-add=validate_password.so
# The server loads the plug-in at startup , And prevent the plug-in from being deleted when the server is running .
validate-password=FORCE_PLUS_PERMANENT
Query after restart show variables like 'validate_password%' The results are as follows .
4. Detailed configuration of password policy
Meaning of password policy variables :
validate_password.policy: Password policy , Check the user's password .
0:(Low) Minimum password length 8 Characters
1:(Mediumpolicy) Include at least 1 A digital ,1 Lowercase letters ,1 Two capital letters and 1 Special characters ( The default value is )
2:(Strongpolicy) The length is 4 Or longer codon strings must not match words in the dictionary file
validate_password.length: Minimum password characters required , The default is 8
validate_password.number_count: The minimum number of numeric characters required for a password , The default is 1
validate_password.mixed_case_count: The minimum number of lowercase and uppercase characters required for passwords , The default is 1
validate_password.special_char_count: The minimum number of special characters that require a password , The default is 1
validate_password.dictionary_file: The pathname of the dictionary file used to check the password , There is no default
Here's my configuration :
1 A digital ,1 Lowercase letters ,1 Two capital letters and 1 Special characters , least 9 position .
5. Strategy achievement test
Two 、 Set up 60 Days password expiration
select * from mysql.user;
N In order not to expire ,Y Is overdue . The default is N Not overdue .
The statement that sets the password to expire is :alter user ‘ user name ’@‘host’ password expire; Such as :
alter user 'root'@'localhost' password expire;
At this point, enter
select * from mysql.user;
see root Of password_expired The field has changed to Y, When you log in again, you will find that you can't connect , Prompt password expired . The solution is to change the login password .
Check the online statement , You can modify the expiration days ( How many days are overdue ), In days , Such as :
ALTER USER 'root'@'localhost' PASSWORD EXPIRE INTERVAL 30 DAY;
Or change the password to never expire , Such as :
ALTER USER 'root'@'localhost' PASSWORD EXPIRE NEVER;
Or change the password in this way without expiration :
SET GLOBAL default_password_lifetime = 0;
I'm here to execute :
ALTER USER 'root'@'%' PASSWORD EXPIRE INTERVAL 60 DAY;
Execution results :
3、 ... and 、 Overall change plan
Share the final change plan
#----------------
Target password policy
#----------------
At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position 、60 Days password expiration .#----------------
modify root Password expiration time , No need to restart
#----------------
The master and slave perform the following steps respectively :
1. Change the expiration time
ALTER USER 'root'@'%' PASSWORD EXPIRE INTERVAL 60 DAY;2. View the execution results ,password_lifetime by 60
select * from mysql.user;#----------------
At least one capital 、 At least one lowercase 、 At least one number 、 At least one character 、 Length at least 9 position , Need to restart the database
#----------------0.
Database startup sequence
Stop using -> Stop the database ( First standby, then main ) -> Change configuration -> Start the database ( First, the main backup )-> Application
https://blog.csdn.net/qq_41466440/article/details/1251049621.
Stop using2.
close MySQL Slave Library
a. First, check the current master-slave synchronization status show slave statusG; See if it is double yes
b. perform stop slave
c. Stop the slave Library Service mysqladmin shutdown -u user name -p password (service mysqld stop)
d. See if there's any more mysql The process of ps -ef | grep mysql
d. If multiple instances are deployed , Then each instance should follow the above steps3.
close MySQL Main library
a. Stop the main library service mysqladmin shutdown -u user name -p password (service mysqld stop)
b. See if there's any more mysql The process of ps -ef | grep mysql4.
Edit profile
vim /etc/my.cnf
add to :
[mysqld]
plugin-load-add=validate_password.so
# The server loads the plug-in at startup , And prevent the plug-in from being deleted when the server is running .
validate-password=FORCE_PLUS_PERMANENT
# Password policy
validate_password_policy=1
validate_password_length=95.
start-up MySQL Main library
a. Start the main library service mysqladmin start -u user name -p password (service mysqld start)
b. see mysql The process of ps -ef | grep mysql6.
start-up MySQL Slave Library
a. Start the slave service mysqladmin start -u user name -p password (service mysqld start)
b. Start replication start slave;
c. Check synchronization status show slave statusG; Double or not yes
d. see mysql The process of ps -ef | grep mysql7.
Check whether the plug-in and policy are successfully added
service mysqld restart
show variables like 'validate_password%';
边栏推荐
猜你喜欢
447-哔哩哔哩面经1
Mask wearing detection method based on yolov5
台积电全球员工薪酬中位数约46万,CEO约899万;苹果上调日本的 iPhone 售价 ;Vim 9.0 发布|极客头条
C#/VB. Net to add text / image watermarks to PDF documents
SAP UI5 应用开发教程之一百零四 - SAP UI5 表格控件的支持复选(Multi-Select)以及如何用代码一次选中多个表格行项目
Copy ‘XXXX‘ to effectively final temp variable
Chapter 9 Yunji datacanvas company has been ranked top 3 in China's machine learning platform market
陈天奇的机器学习编译课(免费)
切面条 C语言
Delete AWS bound credit card account
随机推荐
Appium自动化测试基础 — 补充:Desired Capabilities参数介绍
MySQL数据库详细学习教程
园区全光技术选型-中篇
Kubernetes创建Service访问Pod
Compensation des créneaux horaires
Copy ‘XXXX‘ to effectively final temp variable
C#/VB. Net to add text / image watermarks to PDF documents
对象内存布局
【JetCache】JetCache的使用方法与步骤
Relationship and difference between enterprise architecture and project management
Clean up system cache and free memory under Linux
多图预警~ 华为 ECS 与 阿里云 ECS 对比实战
IDA动态调试apk
性能测试计划怎么编写
Mysql——》索引存储模型推演
内存导致的电脑游戏中显示hdmi无信号 从而死机的情况
GenICam GenTL 标准 ver1.5(4)第五章 采集引擎
搜狗微信APP逆向(二)so层
There is no signal in HDMI in computer games caused by memory, so it crashes
Why must digital transformation strategies include continuous testing?