http://www.innomysql.com/article/25717.html
[root@server-mysql plugin]# pwd /usr/local/mysql56/lib/plugin [root@server-mysql plugin]# ll total 2184 -rwxr-xr-x. 1 root mysql 15437 Sep 19 2015 adt_null.so -rwxr-xr-x. 1 root mysql 25619 Sep 19 2015 auth.so -rwxr-xr-x. 1 root mysql 12364 Sep 19 2015 auth_socket.so -rwxr-xr-x. 1 root mysql 25072 Sep 19 2015 auth_test_plugin.so -rw-r--r--. 1 root mysql 227 Sep 18 2015 daemon_example.ini drwxr-xr-x. 2 root mysql 4096 Dec 11 2015 debug -rwxr-xr-x. 1 root mysql 573478 Sep 19 2015 innodb_engine.so -rwxr-xr-x. 1 root mysql 42321 Sep 19 2015 libdaemon_example.so -rwxr-xr-x. 1 root mysql 584295 Sep 19 2015 libmemcached.so -rwxr-xr-x. 1 root mysql 17539 Sep 19 2015 mypluglib.so -rwxr-xr-x. 1 root mysql 11913 Sep 19 2015 mysql_no_login.so -rwxr-xr-x. 1 root mysql 18151 Sep 19 2015 qa_auth_client.so -rwxr-xr-x. 1 root mysql 23798 Sep 19 2015 qa_auth_interface.so -rwxr-xr-x. 1 root mysql 12926 Sep 19 2015 qa_auth_server.so -rwxr-xr-x. 1 root mysql 421090 Sep 19 2015 semisync_master.so -rwxr-xr-x. 1 root mysql 250206 Sep 19 2015 semisync_slave.so -rwxr-xr-x. 1 root mysql 157141 Sep 19 2015 validate_password.so
my.cnf加入:
plugin-load=validate_password.so validate-password=FORCE_PLUS_PERMANENT
mysql> SHOW PLUGINS; +----------------------------+----------+--------------------+----------------------+---------+ | Name | Status | Type | Library | License | +----------------------------+----------+--------------------+----------------------+---------+ | binlog | ACTIVE | STORAGE ENGINE | NULL | GPL | | mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL | | mysql_old_password | ACTIVE | AUTHENTICATION | NULL | GPL | | sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL | | MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL | | MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL | | MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL | | CSV | ACTIVE | STORAGE ENGINE | NULL | GPL | | InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL | | INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL | | BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL | | FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL | | ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL | | partition | ACTIVE | STORAGE ENGINE | NULL | GPL | | validate_password | ACTIVE | VALIDATE PASSWORD | validate_password.so | GPL | +----------------------------+----------+--------------------+----------------------+---------+ 43 rows in set (0.01 sec)
mysql> set password=password("123"); ERROR 1819 (HY000): Your password does not satisfy the current policy requirements mysql> set password=password("Aa@1"); ERROR 1819 (HY000): Your password does not satisfy the current policy requirements mysql> set password=password("Aa@12345"); Query OK, 0 rows affected (0.01 sec)
mysql> show variables like "%password%"; +--------------------------------------+--------+ | Variable_name | Value | +--------------------------------------+--------+ | disconnect_on_expired_password | ON | | old_passwords | 0 | | report_password | | | validate_password_dictionary_file | | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | MEDIUM | | validate_password_special_char_count | 1 | +--------------------------------------+--------+ 9 rows in set (0.00 sec)
参数validate_password_length用于设置密码的最小长度,默认值为8。
参数validate_password_policy表示密码策略,可设置的值有: 0 or LOW 仅需需符合密码长度(由参数validate_password_length指定) 1 or MEDIUM 满足LOW策略,同时还需满足至少有1个数字,小写字母,大写字母和特殊字符 2 or STRONG 满足MEDIUM策略,同时密码不能存在字典文件(dictionary file)中
可以发现PVP强大之处还在于其在STRONG模式下还能设置字典文件,字典中存在的密码不得使用。
可以通过参数validate_password_dictionary_file来设置字典文件。不过就Inside君来看,貌似MEDIUM策略的安全性已足够高了。