ApsaraDB for MyBase allows you to configure a policy that defines password strength rules for your database instance. This ensures the security of your database.
- A database instance that uses one of the following configurations is created:
- MySQL 5.7, Basic Edition
- MySQL 5.7, High-availability Edition
- The database instance is upgraded to the latest minor version of the kernel. For more information, see Update the minor engine version of an ApsaraDB RDS for MySQL instance.
- The password must be 8 to 32 characters in length.
- The password of the account must contain at least three of the following character types: letters, digits, and special characters.
- The special characters include exclamation points (!),@#$%^&*()_+-=
validate_passwordplug-in to specify the following password complexity rules. The system validates the password of your database account based on the specified rules.
- A rule that specifies whether the password and the username can be the same
- The length of the password
- The number of letters in the password
- The number of digits in the password
- The number of special characters in the password
- The level of password strength validation
Step 1: Install the validate_password plug-in
- Connect to an ApsaraDB RDS for MySQL instance.
- In the SQL window, execute the following statement to install the
INSTALL PLUGIN validate_password SONAME 'validate_password.so';
- In the SQL window, execute the following statement to verify that the plug-in is installed:
SHOW GLOBAL VARIABLES LIKE 'validate_password%';The following figure shows an example of the return result. This output indicates that the plug-in is installed.
Step 2: Configure password policy parameters
- Log on to the ApsaraDB for MyBase console.
- In the upper-left corner of the page, select the region where you want to deploy the dedicated cluster.
- In the left-side navigation pane, click Instances. On the page that appears, find the instance that you want to manage, and modify
the configuration of the instance.
- To modify the configuration of a MyBase for MySQL instance or a MyBase for PostgreSQL instance, click More in the Actions column. Then, select from the drop-down list.
- To modify the configuration of a MyBase for SQL Server instance, click Change Specifications in the Actions column.
- Find the instance for which you want to configure password policy parameters and click the instance ID. On the instance details page, click Parameters in the left-side navigation pane.
- Configure the loose_validate_password parameters. The following table describes these parameters. Note Before you configure the following parameters, ensure that the validate_password plug-in is installed as described in Step 1: Install the validate_password plug-in. Otherwise, the configuration does not take effect.
Parameter Description loose_validate_password_check_user_name Specifies whether the password and the username can be the same. Valid values:
- ON: The password and the username can be the same.
- OFF: The password and the username must be different.
Default value: OFF.
validate_password_policy The level of password strength validation. Valid values:
- 0: loose. The system checks only the password length.
- 1: medium. The system checks the password length, digits, letters, and special characters.
- 2: strict. The system checks the password length, numbers, letters, special characters,
and the dictionary file.
Note The dictionary file cannot be specified. Therefore, the system checks the same items regardless of whether you set this parameter to 1 or 2.
Default value: 1.
validate_password_length The length of the password. Valid values: 0 to 256.
Default value: 8.
validate_password_number_count The number of digits in the password. Valid values: 0 to 256.
Default value: 1.
validate_password_mixed_case_count The number of letters in the password. Valid values: 0 to 256.
Default value: 1.
validate_password_special_char_count The number of special characters in the password. Valid values: 0 to 256.
Default value: 1.Note
- For information about how to create an account, see Create an account on an ApsaraDB RDS for MySQL instance.
- For more information about how to configure a password, see MySQL documentation.