blob: 2e706115bd11f87cb2071227404fd7cedaa7f7cc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
install soname "simple_password_check";
select * from information_schema.plugins where plugin_name='simple_password_check';
PLUGIN_NAME simple_password_check
PLUGIN_VERSION 1.0
PLUGIN_STATUS ACTIVE
PLUGIN_TYPE PASSWORD VALIDATION
PLUGIN_TYPE_VERSION 1.0
PLUGIN_LIBRARY simple_password_check.so
PLUGIN_LIBRARY_VERSION 1.14
PLUGIN_AUTHOR Sergei Golubchik
PLUGIN_DESCRIPTION Simple password strength checks
PLUGIN_LICENSE GPL
LOAD_OPTION ON
PLUGIN_MATURITY Stable
PLUGIN_AUTH_VERSION 1.0
select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_DIGITS
SESSION_VALUE NULL
GLOBAL_VALUE 1
GLOBAL_VALUE_ORIGIN COMPILE-TIME
DEFAULT_VALUE 1
VARIABLE_SCOPE GLOBAL
VARIABLE_TYPE INT UNSIGNED
VARIABLE_COMMENT Minimal required number of digits
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 1000
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_LETTERS_SAME_CASE
SESSION_VALUE NULL
GLOBAL_VALUE 1
GLOBAL_VALUE_ORIGIN COMPILE-TIME
DEFAULT_VALUE 1
VARIABLE_SCOPE GLOBAL
VARIABLE_TYPE INT UNSIGNED
VARIABLE_COMMENT Minimal required number of letters of the same letter case.This limit is applied separately to upper-case and lower-case letters
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 1000
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_MINIMAL_LENGTH
SESSION_VALUE NULL
GLOBAL_VALUE 8
GLOBAL_VALUE_ORIGIN COMPILE-TIME
DEFAULT_VALUE 8
VARIABLE_SCOPE GLOBAL
VARIABLE_TYPE INT UNSIGNED
VARIABLE_COMMENT Minimal required password length
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 1000
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME SIMPLE_PASSWORD_CHECK_OTHER_CHARACTERS
SESSION_VALUE NULL
GLOBAL_VALUE 1
GLOBAL_VALUE_ORIGIN COMPILE-TIME
DEFAULT_VALUE 1
VARIABLE_SCOPE GLOBAL
VARIABLE_TYPE INT UNSIGNED
VARIABLE_COMMENT Minimal required number of other (not letters or digits) characters
NUMERIC_MIN_VALUE 0
NUMERIC_MAX_VALUE 1000
NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT REQUIRED
create user foo1 identified by 'pwd';
ERROR HY000: Your password does not satisfy the current policy requirements
create user foo1;
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to foo1 identified by 'pwd';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
drop user `BarFoo1!`;
create user foo1 identified by 'aA.12345';
grant select on *.* to foo1;
drop user foo1;
set global simple_password_check_digits=3;
set global simple_password_check_letters_same_case=3;
Warnings:
Warning 1292 Adjusted the value of simple_password_check_minimal_length from 8 to 10
set global simple_password_check_other_characters=3;
Warnings:
Warning 1292 Adjusted the value of simple_password_check_minimal_length from 10 to 12
show variables like 'simple_password_check_%';
Variable_name Value
simple_password_check_digits 3
simple_password_check_letters_same_case 3
simple_password_check_minimal_length 12
simple_password_check_other_characters 3
create user foo1 identified by '123:qwe:ASD!';
drop user foo1;
create user foo1 identified by '-23:qwe:ASD!';
ERROR HY000: Your password does not satisfy the current policy requirements
create user foo1 identified by '123:4we:ASD!';
ERROR HY000: Your password does not satisfy the current policy requirements
create user foo1 identified by '123:qwe:4SD!';
ERROR HY000: Your password does not satisfy the current policy requirements
create user foo1 identified by '123:qwe:ASD4';
ERROR HY000: Your password does not satisfy the current policy requirements
create user foo1 identified by '123:qwe:ASD!';
set password for foo1 = password('qwe:-23:ASD!');
ERROR HY000: Your password does not satisfy the current policy requirements
set password for foo1 = old_password('4we:123:ASD!');
ERROR HY000: Your password does not satisfy the current policy requirements
set password for foo1 = password('qwe:123:4SD!');
ERROR HY000: Your password does not satisfy the current policy requirements
set password for foo1 = old_password('qwe:123:ASD4');
ERROR HY000: Your password does not satisfy the current policy requirements
set password for foo1 = password('qwe:123:ASD!');
select @@strict_password_validation;
@@strict_password_validation
1
set password for foo1 = '';
ERROR HY000: Your password does not satisfy the current policy requirements
set password for foo1 = '2222222222222222';
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
set password for foo1 = '11111111111111111111111111111111111111111';
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
create user foo2 identified by password '11111111111111111111111111111111111111111';
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
grant select on *.* to foo2 identified by password '2222222222222222';
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
ERROR HY000: The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement
create user foo2 identified with mysql_native_password using '';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to foo2 identified with mysql_old_password using '';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to foo2 identified with mysql_old_password;
ERROR HY000: Your password does not satisfy the current policy requirements
update mysql.global_priv set priv=json_set(priv, '$.authentication_string', 'xxx') where user='foo1';
set global strict_password_validation=0;
set password for foo1 = '';
ERROR HY000: Your password does not satisfy the current policy requirements
set password for foo1 = '2222222222222222';
set password for foo1 = '11111111111111111111111111111111111111111';
create user foo2 identified by password '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified by password '2222222222222222';
drop user foo2;
create user foo2 identified with mysql_native_password using '11111111111111111111111111111111111111111';
drop user foo2;
grant select on *.* to foo2 identified with mysql_old_password using '2222222222222222';
drop user foo2;
set global strict_password_validation=1;
drop user foo1;
create role r1;
drop role r1;
flush privileges;
uninstall plugin simple_password_check;
create user foo1 identified by 'pwd';
drop user foo1;
|
