This topic describes how to configure a custom password policy for an ApsaraDB RDS for MySQL instance. You can use custom password policies to ensure the security of your RDS instance.
Prerequisites
- Your RDS instance runs one of the following database engine versions and RDS editions:
- MySQL 5.7 on RDS Basic Edition
- MySQL 5.7 on RDS High-availability Edition
- The minor engine version of your RDS instance is updated to the latest version. For more information, see Update the minor engine version of an ApsaraDB RDS for MySQL instance.
Precautions
When you configure or modify a custom password policy in the ApsaraDB RDS console, the custom password policy cannot take precedence over the following default password
policy:
- The password must be 8 to 32 characters in length.
- The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
- The password can contain any of the following special characters: ! @ # $ % ^ & * ( ) _ + - =
Introduction
If your RDS instance runs MySQL 5.7, you can use the validate_password
plug-in to configure a custom password policy that is used to check password complexity.
A custom password policy contains the following password complexity rules:
- Whether the password can be the same as the username
- The length of the password
- The number of uppercase letters and lowercase letters in the password
- The number of digits in the password
- The number of special characters in the password
- The strength of the password