[英]Prevent MySQL login with empty password
I created a new user with: 我创建了一个新用户:
CREATE USER 'foobar'@'%';
...and I was rather disturbed to find that this user was allowed to log in, using an empty password! ...我很不高兴地发现该用户被允许使用空密码登录!
> select host, user, authentication_string from mysql.user where user = 'foobar';
+------+--------+-----------------------+
| host | user | authentication_string |
+------+--------+-----------------------+
| % | foobar | |
+------+--------+-----------------------+
Use 采用
CREATE USER 'username'@'hostname' IDENTIFIED BY 'new_password' PASSWORD EXPIRE;
Which will create a password that can only be used once and will require the user to choose a new password at login. 这将创建只能使用一次的密码,并且将要求用户在登录时选择新密码。
Suggest if you are creating and issuing passwords you use a random generator to create an initial random password and then share it securely. 建议您是否要创建和发行密码,请使用随机生成器创建初始随机密码,然后安全地共享它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.