mirror of
https://github.com/MariaDB/server.git
synced 2025-01-31 19:11:46 +01:00
2300fe2e0e
* Extract it into the "encryption_scheme" service. * Make these engines to use the service, remove duplicate code. * Change MY_AES_xxx error codes, to return them safely from encryption_scheme_encrypt/decrypt without conflicting with ENCRYPTION_SCHEME_KEY_INVALID error
151 lines
6.6 KiB
Text
151 lines
6.6 KiB
Text
install soname "simple_password_check";
|
|
select * from information_schema.plugins where plugin_name='simple_password_check';
|
|
PLUGIN_NAME simple_password_check
|
|
PLUGIN_VERSION 1.0
|
|
PLUGIN_STATUS ACTIVE
|
|
PLUGIN_TYPE PASSWORD VALIDATION
|
|
PLUGIN_TYPE_VERSION 1.0
|
|
PLUGIN_LIBRARY simple_password_check.so
|
|
PLUGIN_LIBRARY_VERSION 1.11
|
|
PLUGIN_AUTHOR Sergei Golubchik
|
|
PLUGIN_DESCRIPTION Simple password strength checks
|
|
PLUGIN_LICENSE GPL
|
|
LOAD_OPTION ON
|
|
PLUGIN_MATURITY Alpha
|
|
PLUGIN_AUTH_VERSION 1.0
|
|
select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
|
|
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_DIGITS
|
|
SESSION_VALUE NULL
|
|
GLOBAL_VALUE 1
|
|
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
|
DEFAULT_VALUE 1
|
|
VARIABLE_SCOPE GLOBAL
|
|
VARIABLE_TYPE INT UNSIGNED
|
|
VARIABLE_COMMENT Minimal required number of digits
|
|
NUMERIC_MIN_VALUE 0
|
|
NUMERIC_MAX_VALUE 1000
|
|
NUMERIC_BLOCK_SIZE 1
|
|
ENUM_VALUE_LIST NULL
|
|
READ_ONLY NO
|
|
COMMAND_LINE_ARGUMENT REQUIRED
|
|
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_LETTERS_SAME_CASE
|
|
SESSION_VALUE NULL
|
|
GLOBAL_VALUE 1
|
|
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
|
DEFAULT_VALUE 1
|
|
VARIABLE_SCOPE GLOBAL
|
|
VARIABLE_TYPE INT UNSIGNED
|
|
VARIABLE_COMMENT Minimal required number of letters of the same letter case.This limit is applied separately to upper-case and lower-case letters
|
|
NUMERIC_MIN_VALUE 0
|
|
NUMERIC_MAX_VALUE 1000
|
|
NUMERIC_BLOCK_SIZE 1
|
|
ENUM_VALUE_LIST NULL
|
|
READ_ONLY NO
|
|
COMMAND_LINE_ARGUMENT REQUIRED
|
|
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_MINIMAL_LENGTH
|
|
SESSION_VALUE NULL
|
|
GLOBAL_VALUE 8
|
|
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
|
DEFAULT_VALUE 8
|
|
VARIABLE_SCOPE GLOBAL
|
|
VARIABLE_TYPE INT UNSIGNED
|
|
VARIABLE_COMMENT Minimal required password length
|
|
NUMERIC_MIN_VALUE 0
|
|
NUMERIC_MAX_VALUE 1000
|
|
NUMERIC_BLOCK_SIZE 1
|
|
ENUM_VALUE_LIST NULL
|
|
READ_ONLY NO
|
|
COMMAND_LINE_ARGUMENT REQUIRED
|
|
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_OTHER_CHARACTERS
|
|
SESSION_VALUE NULL
|
|
GLOBAL_VALUE 1
|
|
GLOBAL_VALUE_ORIGIN COMPILE-TIME
|
|
DEFAULT_VALUE 1
|
|
VARIABLE_SCOPE GLOBAL
|
|
VARIABLE_TYPE INT UNSIGNED
|
|
VARIABLE_COMMENT Minimal required number of other (not letters or digits) characters
|
|
NUMERIC_MIN_VALUE 0
|
|
NUMERIC_MAX_VALUE 1000
|
|
NUMERIC_BLOCK_SIZE 1
|
|
ENUM_VALUE_LIST NULL
|
|
READ_ONLY NO
|
|
COMMAND_LINE_ARGUMENT REQUIRED
|
|
create user foo1 identified by 'pwd';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
grant select on *.* to foo1 identified by 'pwd';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
|
|
drop user `BarFoo1!`;
|
|
create user foo1 identified by 'aA.12345';
|
|
drop user foo1;
|
|
set global simple_password_check_digits=3;
|
|
set global simple_password_check_letters_same_case=3;
|
|
set global simple_password_check_other_characters=3;
|
|
show variables like 'simple_password_check_%';
|
|
Variable_name Value
|
|
simple_password_check_digits 3
|
|
simple_password_check_letters_same_case 3
|
|
simple_password_check_minimal_length 12
|
|
simple_password_check_other_characters 3
|
|
create user foo1 identified by '123:qwe:ASD!';
|
|
drop user foo1;
|
|
create user foo1 identified by '-23:qwe:ASD!';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
create user foo1 identified by '123:4we:ASD!';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
create user foo1 identified by '123:qwe:4SD!';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
create user foo1 identified by '123:qwe:ASD4';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
create user foo1 identified by '123:qwe:ASD!';
|
|
set password for foo1 = password('qwe:-23:ASD!');
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
set password for foo1 = old_password('4we:123:ASD!');
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
set password for foo1 = password('qwe:123:4SD!');
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
set password for foo1 = old_password('qwe:123:ASD4');
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
set password for foo1 = password('qwe:123:ASD!');
|
|
select @@strict_password_validation;
|
|
@@strict_password_validation
|
|
1
|
|
set password for foo1 = '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
set password for foo1 = '2222222222222222';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
set password for foo1 = '11111111111111111111111111111111111111111';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
create user foo2 identified by password '11111111111111111111111111111111111111111';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
grant select on *.* to foo2 identified by password '2222222222222222';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
|
|
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
|
|
create user foo2 identified with mysql_native_password using '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
grant select on *.* to foo2 identified with mysql_old_password;
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
update mysql.user set password='xxx' where user='foo1';
|
|
set global strict_password_validation=0;
|
|
set password for foo1 = '';
|
|
ERROR HY000: Your password does not satisfy the current policy requirements
|
|
set password for foo1 = '2222222222222222';
|
|
set password for foo1 = '11111111111111111111111111111111111111111';
|
|
create user foo2 identified by password '11111111111111111111111111111111111111111';
|
|
drop user foo2;
|
|
grant select on *.* to foo2 identified by password '2222222222222222';
|
|
drop user foo2;
|
|
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
|
|
drop user foo2;
|
|
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
|
|
drop user foo2;
|
|
set global strict_password_validation=1;
|
|
drop user foo1;
|
|
uninstall plugin simple_password_check;
|
|
create user foo1 identified by 'pwd';
|
|
drop user foo1;
|