To tylko jedna z 2 stron tej notatki. Zaloguj się aby zobaczyć ten dokument.
Zobacz
całą notatkę
Security improvements. These security improvements were made:
• MySQL now provides a method for storing authentication credentials encrypted in an option file
named .mylogin.cnf. To create the file, use the mysql_config_editor utility. The file can
be read later by MySQL client programs to obtain authentication credentials for connecting to a
MySQL server. mysql_config_editor writes the .mylogin.cnf file using encryption so the
credentials are not stored as clear text, and its contents when decrypted by client programs are
used only in memory. In this way, passwords can be stored in a file in non-cleartext format and
used later without ever needing to be exposed on the command line or in an environment variable.
For more information, see Section 4.6.6, “mysql_config_editor — MySQL Configuration
Utility”.
• MySQL now supports stronger encryption for user account passwords, available through an
authentication plugin named sha256_password that implements SHA-256 password hashing.
This plugin is built in, so it is always available and need not be loaded explicitly. For more
information, including instructions for creating accounts that use SHA-256 passwords, see
Section 6.3.7.2, “The SHA-256 Authentication Plugin”.
• The mysql.user table now has a password_expired column. Its default value is 'N', but
can be set to 'Y' with the new ALTER USER statement. After an account's password has been
expired, all operations performed in subsequent connections to the server using the account result
in an error until the user issues a SET PASSWORD statement to establish a new account password.
For more information, see Section 13.7.1.1, “ALTER USER Syntax”.
• MySQL now has provision for checking password security:
• In statements that assign a password supplied as a cleartext value, the value is checked
against the current password policy and rejected if it is weak (the statement returns an
ER_NOT_VALID_PASSWORD [4252] error). This affects the CREATE USER, GRANT, and SET
PASSWORD statements. Passwords given as arguments to the PASSWORD() [1283] and
OLD_PASSWORD() [1283] functions are checked as well.
• The strength of potential passwords can be assessed using the new
VALIDATE_PASSWORD_STRENGTH() [1285] SQL function, which takes a password argument
and returns an integer from 0 (weak) to 100 (strong).
Both capabilities are implemented by the validate_password plugin. For more information, see
Section 6.1.2.6, “The Password Validation Plugin”.
• mysql_upgrade now produces a warning if it finds user accounts with passwords hashed
... zobacz całą notatkę
Komentarze użytkowników (0)