ApsaraDB for MyBase allows you to configure a policy that defines password strength rules for your database instance. This ensures the security of your database.
Prerequisites
Your database instance runs MySQL 5.7. The instance edition is High-availability Edition.
The minor engine version of your database instance is updated to the latest version. For more information, see Update the minor engine version of an ApsaraDB RDS for MySQL instance.
Overview
If a database instance runs MySQL 5.7, you can use the validate_password
plug-in to specify the following password complexity rules. The system validates the password of your database account based on the specified rules.
Specifies whether the password can be the same as the username.
The length of the password.
The number of letters in the password.
The number of digits in the password.
The number of special characters in the password.
The strength of the password.
Step 1: Install the validate_password plug-in
Connect to your ApsaraDB MyBase for MySQL instance. For more information, see Use a database client or the CLI to connect to an ApsaraDB MyBase for MySQL instance.
NoteYou must use the privileged account of your ApsaraDB RDS for MySQL instance to connect to the instance. For more information, see Create a database account.
Execute the following statement in the SQL window to install the
validate_password
plug-in:INSTALL PLUGIN validate_password SONAME 'validate_password.so';
Execute the following statement in the SQL window to check whether the validate_password plug-in is installed:
SHOW GLOBAL VARIABLES LIKE 'validate_password%';
If information similar to the following figure is returned, the validate_password plug-in is installed.
Step 2: Configure password policy parameters
Log on to the ApsaraDB for MyBase console.
In the upper-left corner of the page, select a region.
In the left-side navigation pane, choose .
Find the instance that you want to manage and click Details in the Actions column. In the left-side navigation pane, click Parameters.
Configure the loose_validate_password parameters. The following table describes these parameters.
NoteBefore you configure the following parameters, make sure that the validate_password plug-in is installed based on the instructions in Step 1: Install the validate_password plug-in. Otherwise, the configuration does not take effect.
Parameter
Description
loose_validate_password_check_user_name
Specifies whether the password can be the same as the username. Valid values:
ON: The password can be the same as the username.
OFF: The password cannot be the same as the username.
Default value: OFF.
validate_password_policy
The strength of the password. Valid values:
0: The strength of the password is low. The system checks only the length of the password.
1: The strength of the password is medium. The system checks the password length, digits, letters, and special characters.
2: The strength of the password is strict. The system checks the password length, digits, letters, special characters, and the dictionary file.
NoteThe dictionary file cannot be specified. This indicates that the value 1 and the value 2 specify the same password strength.
Default value: 1.
validate_password_length
The length of the password. Valid values: 0 to 256.
Default value: 8.
validate_password_number_count
The number of digits in the password. Valid values: 0 to 256.
Default value: 1.
validate_password_mixed_case_count
The number of letters in the password. Valid values: 0 to 256.
Default value: 1.
validate_password_special_char_count
The number of special characters in the password. Valid values: 0 to 256.
Default value: 1.
NoteFor information about how to create an account, see Create a database account.
For more information about how to configure a password, see MySQL documentation.