Deprecated: Function Yoast\WP\SEO\Conditionals\Schema_Blocks_Conditional::get_feature_flag is deprecated since version Yoast SEO 20.5 with no alternative available. in /home1/minerho3/public_html/wp-includes/functions.php on line 6078

Deprecated: Function Yoast\WP\SEO\Conditionals\Schema_Blocks_Conditional::get_feature_flag is deprecated since version Yoast SEO 20.5 with no alternative available. in /home1/minerho3/public_html/wp-includes/functions.php on line 6078

Deprecated: Function Yoast\WP\SEO\Conditionals\Schema_Blocks_Conditional::get_feature_flag is deprecated since version Yoast SEO 20.5 with no alternative available. in /home1/minerho3/public_html/wp-includes/functions.php on line 6078

Warning: Cannot modify header information - headers already sent by (output started at /home1/minerho3/public_html/wp-includes/functions.php:6078) in /home1/minerho3/public_html/wp-includes/feed-rss2.php on line 8
MySQL - MariaDB - ClickHouse - InnoDB - Galera Cluster - MySQL Support - MariaDB Support - MySQL Consulting - MariaDB Consulting - MySQL Remote DBA - MariaDB Remote DBA - Emergency DBA Support - Remote DBA - Database Migration - PostgreSQL - PostgreSQL Consulting - PostgreSQL Support - PostgreSQL Remote DBA http://minervadb.com/index.php/category/mysql-password/ Committed to Building Optimal, Scalable, Highly Available, Fault-Tolerant, Reliable and Secured WebScale Database Infrastructure Operations Sat, 21 Sep 2019 12:07:32 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 https://minervadb.com/wp-content/uploads/2017/10/cropped-LogoColorTextRight-32x32.jpeg MySQL - MariaDB - ClickHouse - InnoDB - Galera Cluster - MySQL Support - MariaDB Support - MySQL Consulting - MariaDB Consulting - MySQL Remote DBA - MariaDB Remote DBA - Emergency DBA Support - Remote DBA - Database Migration - PostgreSQL - PostgreSQL Consulting - PostgreSQL Support - PostgreSQL Remote DBA http://minervadb.com/index.php/category/mysql-password/ 32 32 MySQL 8 Password Validation with validate_password component https://minervadb.com/index.php/2019/09/21/mysql-8-password-validation-with-validate_password-component/ Sat, 21 Sep 2019 12:05:26 +0000 http://minervadb.com/?p=2719 Properly planned MySQL Password Management is the first step to protect your database We at MinervaDB provide MySQL and  MariaDB Database Security Audit (Please read about our Security Practice at MinervaDB Consulting Page) for our [...]

The post MySQL 8 Password Validation with validate_password component appeared first on The WebScale Database Infrastructure Operations Experts.

]]> Properly planned MySQL Password Management is the first step to protect your database

We at MinervaDB provide MySQL and  MariaDB Database Security Audit (Please read about our Security Practice at MinervaDB Consulting Page) for our customers globally, We don’t go easy with password management .. Weaker passwords are serious security threats and we highly recommend stronger passwords. Technically Password Validation is about the policies that every new password must comply and this task is taken care by validate_password component in MySQL, You have several system variables to configure validate_password component and status variables to monitor

To use validate_password component you must install it first:

Verify if validate_password component is installed:

mysql> select * from mysql.component;

Empty set (0.00 sec)

We have successfully verified validate_password component is not installed 👆

Install validate_password component next and confirm:

mysql> INSTALL COMPONENT 'file://component_validate_password';

Query OK, 0 rows affected (0.01 sec)

mysql> select * from mysql.component;

+--------------+--------------------+------------------------------------+

| component_id | component_group_id | component_urn                      |

+--------------+--------------------+------------------------------------+

|            4 |                  4 | file://component_validate_password |

+--------------+--------------------+------------------------------------+

1 row in set (0.00 sec)

Validate_component system variables :

mysql> SHOW VARIABLES LIKE 'validate_password.%';

+--------------------------------------+--------+

| Variable_name                        | Value  |

+--------------------------------------+--------+

| validate_password.check_user_name    | ON     |

| validate_password.dictionary_file    |        |

| validate_password.length             | 8      |

| validate_password.mixed_case_count   | 1      |

| validate_password.number_count       | 1      |

| validate_password.policy             | MEDIUM |

| validate_password.special_char_count | 1      |

+--------------------------------------+--------+

7 rows in set (0.06 sec)

Validate_component system variables are explained very well in MySQL documentation here – https://dev.mysql.com/doc/refman/8.0/en/validate-password-options-variables.html

Password Validation Component Status Variables

Once validate_password component is enabled, We will have access to MySQL status variables that provide operational information:

mysql> SHOW STATUS LIKE 'validate_password.%';

+-----------------------------------------------+---------------------+

| Variable_name                                 | Value               |

+-----------------------------------------------+---------------------+

| validate_password.dictionary_file_last_parsed | 2019-09-21 01:45:41 |

| validate_password.dictionary_file_words_count | 0                   |

+-----------------------------------------------+---------------------+

2 rows in set (0.02 sec)

Validate_component in action

Simple and easy passwords are not accepted any loner, Let’s test that now:

mysql> create user 'shiv'@'localhost' identified by 'minervadb'; 

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

Works when we set much better password:

mysql> create user 'shiv'@'localhost' identified by 'Ind@19#47';

Query OK, 0 rows affected (0.02 sec)

mysql>

We will make it even better with password expiry management, i.e. user (shiv) should be changing password every 30 days:

mysql> alter user 'shiv'@'localhost' PASSWORD EXPIRE INTERVAL 30 DAY;

Query OK, 0 rows affected (0.01 sec)

Let’s confirm the password expiry of 30 days configured  for user “shiv”:

mysql> select password_last_changed, password_lifetime from mysql.user where user='shiv';

+-----------------------+-------------------+

| password_last_changed | password_lifetime |

+-----------------------+-------------------+

| 2019-09-21 15:46:11   |                30 |

+-----------------------+-------------------+

1 row in set (0.01 sec)

Dual Active passwords (Thank you Booking.com for this feature request)

We can configure MySQL 8.0 (since8.0.14) with Primary and Secondary Passwords (dual password mechanism), This feature is really helpful in production when changing the password, We have explained it below:

mysql> select version();

+-----------+

| version() |

+-----------+

| 8.0.17    |

+-----------+

1 row in set (0.01 sec)

mysql> alter user 'shiv'@'localhost' identified by 'India#19@47' retain current password;

Query OK, 0 rows affected (0.02 sec)

mysql>

You can discard old password of the user “shiv” when appropriate, Let’s do that next:

mysql> ALTER USER 'shiv'@'localhost' DISCARD OLD PASSWORD;

Query OK, 0 rows affected (0.00 sec)

Conclusion

MySQL 8.0 password management is very interesting, Much better and secured database infrastructure operations is made possible without much complications, We have already customers on this feature, At WebScale the database security is very important to protect the best interests of every stakeholder., Hope you enjoyed reading this blog, Thank you !

The post MySQL 8 Password Validation with validate_password component appeared first on The WebScale Database Infrastructure Operations Experts.

]]>