{"id":2156,"date":"2018-03-07T11:05:56","date_gmt":"2018-03-07T10:05:56","guid":{"rendered":"http:\/\/dasini.net\/blog\/?p=2156"},"modified":"2020-05-27T07:33:45","modified_gmt":"2020-05-27T06:33:45","slug":"mysql-security-password-management","status":"publish","type":"post","link":"https:\/\/dasini.net\/blog\/2018\/03\/07\/mysql-security-password-management\/","title":{"rendered":"MySQL Security \u2013 Password Management"},"content":{"rendered":"<p>When thinking about security within a MySQL installation, you should consider a wide range of possible procedures \/ best practices and how they affect the security of your MySQL server and related applications. MySQL provides many tools \/ features \/ plugins in order to protect your data including some advanced features like <a href=\"http:\/\/dasini.net\/blog\/2018\/04\/10\/mysql-security-mysql-enterprise-transparent-data-encryption\/\" target=\"_blank\" rel=\"noopener noreferrer\">Transparent Data Encryption aka TDE<\/a>,\u00a0<a href=\"http:\/\/dasini.net\/blog\/2018\/04\/04\/mysql-security-mysql-enterprise-audit\/\" target=\"_blank\" rel=\"noopener noreferrer\">Audit<\/a>, <a href=\"http:\/\/dasini.net\/blog\/2019\/03\/19\/mysql-security-mysql-enterprise-data-masking-and-de-identification\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Data Masking &amp; De-Identification (opens in a new tab)\">Data Masking &amp; De-Identification<\/a>, <a href=\"http:\/\/dasini.net\/blog\/2018\/04\/16\/mysql-security-mysql-enterprise-firewall\/\" target=\"_blank\" rel=\"noopener noreferrer\">Firewall<\/a>, <a href=\"http:\/\/dasini.net\/blog\/2018\/03\/01\/mysql-security-password-validation-plugin\/\" target=\"_blank\" rel=\"noopener noreferrer\">Password Validation Plugin<\/a>,\u00a0<a href=\"http:\/\/dasini.net\/blog\/2018\/03\/14\/mysql-security-user-account-locking\/\" target=\"_blank\" rel=\"noopener noreferrer\">User Account Locking<\/a>, <a href=\"http:\/\/dasini.net\/blog\/2018\/03\/29\/mysql-security-the-connection-control-plugins\/\" target=\"_blank\" rel=\"noopener noreferrer\">The Connection-Control Plugins<\/a>, etc&#8230;<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_DB_Lock2.png?resize=169%2C179\" alt=\"MySQL Security\" width=\"169\" height=\"179\" \/><\/p>\n<p>Some regulations required\u00a0that the <strong>password is renewed in a timely and appropriate manner<\/strong> (e.g. every 90 days). In this article, 2nd of the <strong>MySQL\u00a0 Security<\/strong> series, we will see how to establish a policy for password expiration\u00a0with MySQL 5.7\u00a0<em><a href=\"https:\/\/dev.mysql.com\/doc\/mysql-security-excerpt\/5.7\/en\/password-management.html\" target=\"_blank\" rel=\"noopener noreferrer\">Password\u00a0Management<\/a><\/em>.<\/p>\n<h2>Password Management<\/h2>\n<p>Basic password policy practices teaches us :<\/p>\n<ul>\n<li>Each user must have a password<\/li>\n<li>A user&rsquo;s password should be changed periodically<\/li>\n<\/ul>\n<p>MySQL provides password-expiration capability, which enables database administrators to require that users reset their password.<\/p>\n<p>Let&rsquo;s have a closer look!<\/p>\n<pre class=\"lang:sh decode:true \">$ mysql -u root -p<\/pre>\n<pre class=\"lang:mysql decode:true\">mysql {root}&gt; \nSELECT VERSION();\n+------------+\n| VERSION()  |\n+------------+\n| 5.7.21-log |\n+------------+\n<\/pre>\n<p>Basically there are different clauses a DBA can use with <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/create-user.html\" target=\"_blank\" rel=\"noopener noreferrer\">CREATE USER<\/a> or <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/alter-user.html\" target=\"_blank\" rel=\"noopener noreferrer\">ALTER USER<\/a> to establish a per account password expiration policy.<\/p>\n<p>Let&rsquo;s play with some of them.<\/p>\n<h3>PASSWORD EXPIRE<\/h3>\n<p>Force user to change its password at the first connection.<\/p>\n<pre class=\"lang:mysql decode:true\" title=\"Mark the password expired\">-- Mark the password expired so that the user must choose a new one at the first connection to the server\nmysql {root}&gt; \nCREATE USER 'aUser'@'localhost' IDENTIFIED BY 'AutoGeneratedPwd' PASSWORD EXPIRE;\n\nSELECT user, host, password_lifetime, password_expired, password_last_changed FROM mysql.user WHERE user = 'aUser'\\G\n*************************** 1. row ***************************\n                 user: aUser\n                 host: localhost\n    password_lifetime: NULL\n     password_expired: Y\npassword_last_changed: 2018-02-08 14:22:24<\/pre>\n<p>Note that\u00a0<em><strong>password_expired<\/strong><\/em> column is <strong>Y<\/strong>.<\/p>\n<p>This new MySQL user will be able to connect to the server but he must reset its password.<\/p>\n<pre class=\"lang:mysql decode:true\">$ mysql -u aUser -p\n...\n\nmysql {aUser}&gt; \nERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.\n\nALTER USER 'aUser'@'localhost' IDENTIFIED BY 'new_passw0rd';\nQuery OK, 0 rows affected (0.00 sec)\n\n\nSELECT USER();\n+-----------------+\n| USER()          |\n+-----------------+\n| aUser@localhost |\n+-----------------+<\/pre>\n<p>Column <em><strong>password_expired<\/strong><\/em>\u00a0is now\u00a0<strong>N<\/strong>.<\/p>\n<pre class=\"lang:mysql decode:true\">mysql {root}&gt; \nSELECT user, host, password_lifetime, password_expired, password_last_changed FROM mysql.user WHERE user = 'aUser'\\G\n*************************** 1. row ***************************\n                 user: aUser\n                 host: localhost\n    password_lifetime: NULL\n     password_expired: N\npassword_last_changed: 2018-02-08 14:23:50<\/pre>\n<h3>PASSWORD EXPIRE INTERVAL N DAY<\/h3>\n<p>Force user to change its password every N days.<\/p>\n<pre class=\"lang:mysql decode:true\" title=\"Require that a new password be chosen every 90 days\">mysql {root}&gt; \n-- Require that a new password be chosen every 90 days:\nCREATE USER 'aNewUser'@'localhost' IDENTIFIED BY 'n3w_password'  PASSWORD EXPIRE INTERVAL 90 DAY;\n\nSELECT user, host, password_lifetime, password_expired, password_last_changed FROM mysql.user WHERE user = 'aNewUser'\\G\n*************************** 1. row ***************************\n                 user: aNewUser\n                 host: localhost\n    password_lifetime: 90\n     password_expired: N\npassword_last_changed: 2018-02-08 14:24:53<\/pre>\n<p>Note that\u00a0<em><strong>password_lifetime<\/strong><\/em>\u00a0column is <strong>90<\/strong>.<\/p>\n<p>After 90 days any statement will generate <strong>error 1820<\/strong> :<\/p>\n<pre class=\"lang:mysql decode:true\">$ mysql -u aNewUser -p\n\nmysql {aNewUser}&gt; SELECT USER();\nERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.<\/pre>\n<p>Password could be reset with ALTER USER command :<\/p>\n<pre class=\"lang:mysql decode:true\">mysql {root}&gt;\nALTER USER 'aNewUser'@'localhost' IDENTIFIED BY '4noth3r_password' PASSWORD EXPIRE INTERVAL 90 DAY;<\/pre>\n<h3>PASSWORD EXPIRE NEVER<\/h3>\n<p>It&rsquo;s also possible to disable password expiration for an account<\/p>\n<pre class=\"lang:mysql decode:true\" title=\"Disables password expiration\">mysql {root}&gt;\n-- Disables password expiration for the account so that its password never expires.\nCREATE USER 'pingDB'@'localhost' IDENTIFIED BY 'new_p4ssword' PASSWORD EXPIRE NEVER;\n\nSELECT user, host, password_lifetime, password_expired, password_last_changed FROM mysql.user WHERE user = 'pingDB'\\G\n*************************** 1. row ***************************\n                 user: pingDB\n                 host: localhost\n    password_lifetime: 0\n     password_expired: N\npassword_last_changed: 2018-02-08 14:29:43<\/pre>\n<p>Note that\u00a0<em><strong>password_lifetime<\/strong><\/em>\u00a0column is <strong>0<\/strong>.<\/p>\n<h3>PASSWORD EXPIRE DEFAULT<\/h3>\n<p>This clause sets the account so that the global password expiration policy applies, as specified by the <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/server-system-variables.html#sysvar_default_password_lifetime\" target=\"_blank\" rel=\"noopener noreferrer\"><strong><em>default_password_lifetime<\/em><\/strong><\/a> system variable.<\/p>\n<p>In MySQL 5.7 it applies to accounts that use MySQL built-in authentication methods (accounts that use an authentication plugin of <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/native-pluggable-authentication.html\" target=\"_blank\" rel=\"noopener noreferrer\">mysql_native_password<\/a> or <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/sha256-pluggable-authentication.html\" target=\"_blank\" rel=\"noopener noreferrer\">sha256_password<\/a>).<\/p>\n<p>The default <strong><em>default_password_lifetime<\/em><\/strong> value is <strong>0<\/strong>, which disables automatic password expiration. If the value of <em>default_password_lifetime<\/em> is a positive integer N, it indicates the permitted password lifetime; passwords must be changed every N days.<\/p>\n<p><strong><em>default_password_lifetime<\/em><\/strong> can be changed at runtime with <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/set-variable.html\" target=\"_blank\" rel=\"noopener noreferrer\">SET GLOBAL<\/a> command. However it must be set in the MySQL configuration file for persistence.<\/p>\n<p>e.g.<\/p>\n<pre class=\"lang:sh decode:true\">$ cat my.cnf \n\n[mysqld]\n# global policy that passwords have a lifetime of approximately 3 months\ndefault_password_lifetime=90\n...<\/pre>\n<p>e.g. Create a user account with the default global password policy (90 days)<\/p>\n<pre class=\"lang:mysql decode:true\" title=\"Create a user account with the default global password policy (90 days)\">mysql&gt;\n-- default_password_lifetime set to 90 days\nSET GLOBAL default_password_lifetime = 90;\n\nSHOW VARIABLES LIKE 'default_password_lifetime';\n+---------------------------+-------+\n| Variable_name             | Value |\n+---------------------------+-------+\n| default_password_lifetime | 90    |\n+---------------------------+-------+\n\n-- Sets the account so that the global expiration policy applies, as specified by the default_password_lifetime system variable.\nCREATE USER 'dba'@'localhost' IDENTIFIED BY 'new_pas5word' PASSWORD EXPIRE DEFAULT;\n<\/pre>\n<h2>In order to go further<\/h2>\n<h3>MySQL Security Series<\/h3>\n<ol>\n<li><a href=\"http:\/\/dasini.net\/blog\/2018\/03\/01\/mysql-security-password-validation-plugin\/\" target=\"_blank\" rel=\"noopener noreferrer\">Password Validation Plugin<\/a><\/li>\n<li><a href=\"http:\/\/dasini.net\/blog\/2018\/03\/07\/mysql-security-password-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">Password Management<\/a><\/li>\n<li><a href=\"http:\/\/dasini.net\/blog\/2018\/03\/14\/mysql-security-user-account-locking\/\" target=\"_blank\" rel=\"noopener noreferrer\">User Account Locking<\/a><\/li>\n<li><a href=\"http:\/\/dasini.net\/blog\/2018\/03\/29\/mysql-security-the-connection-control-plugins\/\" target=\"_blank\" rel=\"noopener noreferrer\">The Connection-Control Plugins<\/a><\/li>\n<li><a href=\"http:\/\/dasini.net\/blog\/2018\/04\/04\/mysql-security-mysql-enterprise-audit\/\" target=\"_blank\" rel=\"noopener noreferrer\">Enterprise Audit<\/a><\/li>\n<li><a href=\"http:\/\/dasini.net\/blog\/2018\/04\/10\/mysql-security-mysql-enterprise-transparent-data-encryption\/\" target=\"_blank\" rel=\"noopener noreferrer\">Enterprise Transparent Data Encryption (TDE)<\/a><\/li>\n<li><a href=\"http:\/\/dasini.net\/blog\/2018\/04\/16\/mysql-security-mysql-enterprise-firewall\/\" target=\"_blank\" rel=\"noopener noreferrer\">Enterprise Firewall<\/a><\/li>\n<li><a href=\"http:\/\/dasini.net\/blog\/2019\/03\/19\/mysql-security-mysql-enterprise-data-masking-and-de-identification\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Enterprise Data Masking and De-Identification (opens in a new tab)\">Enterprise Data Masking and De-Identification<\/a><\/li>\n<\/ol>\n<h3>Reference Manual<\/h3>\n<ul>\n<li><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/password-management.html\" target=\"_blank\" rel=\"noopener noreferrer\">MySQL 5.7 Password Management<\/a><\/li>\n<li><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/expired-password-handling.html\" target=\"_blank\" rel=\"noopener noreferrer\">MySQL 5.7 Password Expiration and Sandbox Mode<\/a><\/li>\n<\/ul>\n<h3>MySQL Security<\/h3>\n<ul>\n<li><a href=\"https:\/\/dev.mysql.com\/doc\/mysql-security-excerpt\/5.7\/en\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security in MySQL<\/a><\/li>\n<li><a href=\"https:\/\/dev.mysql.com\/doc\/mysql-secure-deployment-guide\/5.7\/en\/\" target=\"_blank\" rel=\"noopener noreferrer\">MySQL 5.7 Secure Deployment Guide<\/a><\/li>\n<li><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.7\/en\/security.html\" target=\"_blank\" rel=\"noopener noreferrer\">MySQL 5.7 Reference Manual &#8211; Security<\/a><\/li>\n<\/ul>\n<p>\u00a0<\/p>\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p><strong><span style=\"text-decoration: underline;\">MySQL Security Serie &#8211; Password Management<\/span><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a aria-label=\"Random Password Generation? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/15\/mysql-security-random-password-generation\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Random Password Generation<\/a><\/li><li><a aria-label=\"Password Expiration Policy? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/21\/mysql-security-password-expiration-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Expiration Policy<\/a><\/li><li><a aria-label=\"Password Reuse Policy? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/28\/mysql-security-password-reuse-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Reuse Policy<\/a><\/li><li><a aria-label=\"Password Verification-Required Policy? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/05\/05\/mysql-security-password-verification-required-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Verification-Required Policy<\/a><\/li><li><a aria-label=\"Failed-Login Tracking and Temporary Account Locking? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/05\/12\/mysql-security-failed-login-tracking-and-temporary-account-locking\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Failed-Login Tracking and Temporary Account Locking<\/a><\/li><li><a href=\"http:\/\/dasini.net\/blog\/2020\/05\/19\/mysql-security-dual-password-support\/\" target=\"_blank\" aria-label=\"Dual Password Support (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Dual Password Support<\/a><\/li><\/ul>\n\n\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p><strong><a rel=\"noreferrer noopener\" href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\" target=\"_blank\" class=\"aioseop-link\"><span style=\"text-decoration: underline;\">Olivier&rsquo;s MySQL Channel<\/span><\/a><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/youtu.be\/k4K-scd4oI0\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Establish a policy for password expiration with MySQL\">Establish a policy for password expiration with MySQL<\/a><\/li><li><a href=\"https:\/\/youtu.be\/VND0KvuX7bc\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Create users with a random password in MySQL\">Create users with a random password in MySQL<\/a><\/li><li><a href=\"https:\/\/www.youtube.com\/watch?v=4z6-dlGT-Mc\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Enable restrictions on reuse of previous passwords with MySQL\">Enable restrictions on reuse of previous passwords with MySQL<\/a><\/li><li><a href=\"https:\/\/www.youtube.com\/watch?v=1RwlU14TDWk\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Require MySQL users to provide their current password to change it\">Require MySQL users to provide their current password to change it<\/a><\/li><li><a href=\"https:\/\/www.youtube.com\/watch?v=6HO_ciRbiXw\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Temporary Account Locking in MySQL\">Temporary Account Locking in MySQL<\/a><\/li><\/ul>\n\n\n<\/div><\/div>\n\n\n\n<div style=\"height:75px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-vivid-red-color has-text-color\"><strong>Thanks for using MySQL!<\/strong><\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><a href=\"https:\/\/www.linkedin.com\/groups\/12524512\/\" target=\"_blank\" rel=\"noopener\" title=\"Olivier DASINI on Linkedin\">Follow me on Linkedin<\/a><\/p>\n\n\n\n<p>Watch my videos on my <a href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier's MySQL Channel\">YouTube channel<\/a> and <a href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\/?sub_confirmation=1\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Subscribe\">subscribe<\/a>.<\/p>\n\n\n\n<p>My <a href=\"https:\/\/www.slideshare.net\/freshdaz\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier DASINI on Slideshare\">Slideshare account<\/a>.<\/p>\n\n\n\n<p>My <a href=\"https:\/\/speakerdeck.com\/freshdaz\/\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier DASINI on Speaker Deck\">Speaker Deck account<\/a>.<\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-vivid-red-color has-text-color\"><strong>Thanks for using HeatWave &amp; MySQL!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some regulations required\u00a0that the password is renewed in a timely and appropriate manner (e.g. every 90 days). In this article, 2nd of the MySQL 5.7 Security series, we will see how to\u00a0to establish a policy for password expiration\u00a0with MySQL 5.7\u00a0Password\u00a0Management.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[203,365],"tags":[377,367],"class_list":["post-2156","post","type-post","status-publish","format-standard","hentry","category-mysql-en","category-security","tag-password-management","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9LfWW-yM","jetpack-related-posts":[{"id":2136,"url":"https:\/\/dasini.net\/blog\/2018\/03\/01\/mysql-security-password-validation-plugin\/","url_meta":{"origin":2156,"position":0},"title":"MySQL Security \u2013 Password Validation Plugin","author":"Olivier DASINI","date":"1 mars 2018","format":false,"excerpt":"In this article, 1st of a MySQL 5.7 Security series, we will see how to enforce Strong Passwords with Password Validation Plugin when using MySQL 5.7. Authentication with ID and password is a very simple and common (because it\u2019s simple) way to secure the access to a resource, however the\u2026","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"MySQL Security","src":"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_DB_Lock2.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":2177,"url":"https:\/\/dasini.net\/blog\/2018\/03\/14\/mysql-security-user-account-locking\/","url_meta":{"origin":2156,"position":1},"title":"MySQL Security &#8211; User Account Locking","author":"Olivier DASINI","date":"14 mars 2018","format":false,"excerpt":"For security reasons some context require you to setup a user account locking policy. Thus an unauthorized user is not able (anymore) to login to the MySQL server. In this 3rd article of the\u00a0MySQL 5.7 Security series, we\u00a0will see how to [un]lock a user account.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"MySQL Security","src":"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_DB_Lock2.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3557,"url":"https:\/\/dasini.net\/blog\/2020\/04\/15\/mysql-security-random-password-generation\/","url_meta":{"origin":2156,"position":2},"title":"MySQL Security &#8211; Random Password Generation","author":"Olivier DASINI","date":"15 avril 2020","format":false,"excerpt":"MySQL has the capability of generating random passwords for user accounts, as an alternative to requiring explicit administrator-specified literal passwords.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/VND0KvuX7bc\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3567,"url":"https:\/\/dasini.net\/blog\/2020\/05\/19\/mysql-security-dual-password-support\/","url_meta":{"origin":2156,"position":3},"title":"MySQL Security &#8211; Dual Password Support","author":"Olivier DASINI","date":"19 mai 2020","format":false,"excerpt":"Dual-password capability makes it possible to seamlessly perform credential changes without downtime.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2202,"url":"https:\/\/dasini.net\/blog\/2018\/03\/29\/mysql-security-the-connection-control-plugins\/","url_meta":{"origin":2156,"position":4},"title":"MySQL Security &#8211; The Connection-Control Plugins","author":"Olivier DASINI","date":"29 mars 2018","format":false,"excerpt":"An ordinary threat databases could face is an attempt to discover the password by systematically trying every possible combination (letters, numbers, symbols). This is known as a brute force attack. In this fourth episode of the\u00a0MySQL 5.7 Security series, we will see how the MySQL DBA can leverage the\u00a0Connection-Control Plugins\u2026","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"MySQL Security","src":"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_DB_Lock2.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3535,"url":"https:\/\/dasini.net\/blog\/2020\/04\/28\/mysql-security-password-reuse-policy\/","url_meta":{"origin":2156,"position":5},"title":"MySQL Security &#8211; Password Reuse Policy","author":"Olivier DASINI","date":"28 avril 2020","format":false,"excerpt":"MySQL provides password-reuse capability, which allows database administrators to determine the number of unique passwords a user must use before they can use an old password again.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/4z6-dlGT-Mc\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/2156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/comments?post=2156"}],"version-history":[{"count":20,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/2156\/revisions"}],"predecessor-version":[{"id":3728,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/2156\/revisions\/3728"}],"wp:attachment":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/media?parent=2156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/categories?post=2156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/tags?post=2156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}