db/mysql

mysql8 password()

C/H 2022. 4. 1. 01:11

- MySQL 5.7 update after my.conf

mysql8

mysql user 비밀번호 변경

# install default `sudo mysql` login
ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket BY 'password';
flush privileges;

# `mysql -uroot -p` login
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
flush privileges;
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';
flush privileges;

mysql8 validate_password.policy plugin 설치
mysql8은 password() 함수를 지원하지 않는다.

install plugin

INSTALL PLUGIN validate_password SONAME 'validate_password.so';
flush privileges;

SHOW VARIABLES LIKE 'validate_password%';
+------------------------------------+------+
|Variable_name                       |Value |
+------------------------------------+------+
|validate_password_check_user_name   |ON    |
|validate_password_dictionary_file   |      |
|validate_password_length            |8     |
|validate_password_mixed_case_count  |1     |
|validate_password_number_count      |1     |
|validate_password_policy            |MEDIUM|
|validate_password_special_char_count|1     |
+------------------------------------+------+
SET GLOBAL validate_password_policy=LOW;
SET GLOBAL validate_password_length=4;

SHOW VARIABLES LIKE 'validate_password%';
+------------------------------------+-----+
|Variable_name                       |Value|
+------------------------------------+-----+
|validate_password_check_user_name   |ON   |
|validate_password_dictionary_file   |     |
|validate_password_length            |4    |
|validate_password_mixed_case_count  |1    |
|validate_password_number_count      |1    |
|validate_password_policy            |LOW  |
|validate_password_special_char_count|1    |
+------------------------------------+-----+

UNINSTALL PLUGIN validate_password;

서버를 재시작하면 기존설정으로 되돌아간다.

mysql_secure_installation 설정

보안설정, root비밀번호 변경

sudo mysql_secure_installation
[sudo] username의 암호: 

Securing the MySQL server deployment.

Enter password for user root: 

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0
Using existing password for root.

Estimated strength of the password: 50 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : 

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : 

 ... skipping.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : 

 ... skipping.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : 

 ... skipping.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!
SHOW VARIABLES LIKE 'validate_password%';
+------------------------------------+------+
|Variable_name                       |Value |
+------------------------------------+------+
|validate_password.check_user_name   |ON    |
|validate_password.dictionary_file   |      |
|validate_password.length            |8     |
|validate_password.mixed_case_count  |1     |
|validate_password.number_count      |1     |
|validate_password.policy            |MIDIUM|
|validate_password.special_char_count|1     |
+------------------------------------+------+

SET GLOBAL validate_password.policy=LOW;
SET GLOBAL validate_password.length=4;
SHOW VARIABLES LIKE 'validate_password%';
+------------------------------------+-----+
|Variable_name                       |Value|
+------------------------------------+-----+
|validate_password.check_user_name   |ON   |
|validate_password.dictionary_file   |     |
|validate_password.length            |4    |
|validate_password.mixed_case_count  |1    |
|validate_password.number_count      |1    |
|validate_password.policy            |LOW  |
|validate_password.special_char_count|1    |
+------------------------------------+-----+

mysql8에서 password() 함수는 아예 존재하지 않으니 mysql user password 외 비밀번호는 아래 해싱 함수를 이용하자.

  • md5('password') length:32
  • sha1('password') length:40
  • sha2('password', 256) length:64
  • sha2('password', 512) length:128

mysql user 등록, 권한 설정

CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE USER 'username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON scheme.* TO 'username'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON scheme.tablename TO 'username'@'localhost' WITH GRANT OPTION;

flush privileges;

pop-os 에서 mysql8 설치 후 관리용 정보확인

`/etc/mysql/debian.cnf`  파일에 관리용 계정 정보가 존재한다.

 

반응형