Password complexity
To prevent malicious password attacks, seekdb users can set password complexity rules to verify user login credentials and enhance database security. This topic describes how to set password complexity rules for seekdb login users.
Overview
In seekdb, users can set a series of system variables to define password complexity rules. When creating or modifying a user's password, the system checks the password against these rules. If the password does not meet the requirements, an error is returned. The following table lists the relevant system variables:
| Variable | Description | Usage |
|---|---|---|
| validate_password_check_user_name | Specifies whether to check whether the password is the same as the username. | |
| validate_password_length | Specifies the minimum password length. | Default value: 0. |
| validate_password_mixed_case_count | Specifies the minimum number of uppercase and lowercase letters in the password. | Default value: 0. |
| validate_password_number_count | Specifies the minimum number of digits in the password. | Default value: 0. |
| validate_password_policy | Specifies the password check strategy. | |
| validate_password_special_char_count | Specifies the minimum number of special characters in the password. | Default value: 0. |
Set password complexity
In a production environment, we recommend that you set the password length to 20 characters, including digits, uppercase letters, lowercase letters, and special characters. The lower the password complexity, the higher the risk of the password being cracked. For example, a password that contains the username or repeated characters is easy to crack. For security reasons, ensure that user passwords have high complexity.
This section provides an example of setting password complexity rules to meet the following requirements: the password length is at least 8 characters, the password contains at least 3 uppercase letters, 3 lowercase letters, and 1 special character, the password cannot be the same as the username, and the check strategy is medium.
1. Log in to seekdb as the root user.

   ```shell
   mysql -h127.0.0.1 -uroot -P2881
   ```

2. Set password complexity rules by using system variables.

   ```sql
   SET GLOBAL validate_password_check_user_name=on;
   SET GLOBAL validate_password_length=8;
   SET GLOBAL validate_password_mixed_case_count=3;
   SET GLOBAL validate_password_special_char_count=1;
   SET GLOBAL validate_password_policy='medium';
   ```

3. Log in to seekdb again to verify whether the variables take effect.

   ```sql
   SHOW VARIABLES LIKE 'validate%';
   ```

   ```
   +--------------------------------------+--------+
   | VARIABLE_NAME                        | VALUE  |
   +--------------------------------------+--------+
   | validate_password_check_user_name    | off    |
   | validate_password_length             | 8      |
   | validate_password_mixed_case_count   | 3      |
   | validate_password_number_count       | 0      |
   | validate_password_policy             | medium |
   | validate_password_special_char_count | 1      |
   +--------------------------------------+--------+
   6 rows in set (0.00 sec)
   ```

4. Verify the password complexity.

   Create two users, one with a password that does not meet the requirements and one with a password that meets them.

   ```sql
   CREATE USER sectest1 IDENTIFIED BY '******';
   ```

   ```
   ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
   ```

   ```sql
   CREATE USER sectest1 IDENTIFIED BY '***1_%';
   ```

   ```
   Query OK, 0 rows affected
   ```

   If the password complexity rules are not met, the user creation fails.
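
An added example (not part of the seekdb documentation or code): a Python check that parses the `SHOW VARIABLES LIKE 'validate%'` output from step 3 and reports any setting weaker than the rules set in step 2. `BASELINE`, `parse_variables` and `audit` are names assumed for this illustration; the sample input is the output shown above, in which `validate_password_check_user_name` reads `off`.

```python
# Baseline mirrors the SET GLOBAL statements in step 2 (assumed audit target).
BASELINE = {
    "validate_password_check_user_name": "on",
    "validate_password_length": 8,
    "validate_password_mixed_case_count": 3,
    "validate_password_special_char_count": 1,
    "validate_password_policy": "medium",
}

# Sample input: the SHOW VARIABLES output from step 3 of this page.
SAMPLE_OUTPUT = """\
+--------------------------------------+--------+
| VARIABLE_NAME                        | VALUE  |
+--------------------------------------+--------+
| validate_password_check_user_name    | off    |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 3      |
| validate_password_number_count       | 0      |
| validate_password_policy             | medium |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+
6 rows in set (0.00 sec)
"""

def parse_variables(text):
    """Parse the mysql client's ASCII table into {name: value}."""
    rows = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # Skip borders, the header row and the row-count footer.
        if line.lstrip().startswith("|") and len(cells) == 2 and cells[0] != "VARIABLE_NAME":
            rows[cells[0]] = cells[1]
    return rows

def audit(variables, baseline=BASELINE):
    """Return (name, actual, expected) for each setting weaker than the baseline."""
    findings = []
    for name, expected in baseline.items():
        actual = variables.get(name, "")
        if isinstance(expected, int):  # numeric minimums: a higher value passes
            ok = actual.isdigit() and int(actual) >= expected
        else:  # switches and policy names must match exactly
            ok = actual.lower() == expected
        if not ok:
            findings.append((name, actual, expected))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_variables(SAMPLE_OUTPUT)):
        print("WEAK: %s is %r, baseline %r" % finding)
```
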