防止MySQL使用空密码登录
[英]Prevent MySQL login with empty password
问题描述
I created a new user with: 
我创建了一个新用户:
CREATE USER 'foobar'@'%';
...and I was rather disturbed to find that this user was allowed to log in, using an empty password! ...我很不高兴地发现该用户被允许使用空密码登录!
> select host, user, authentication_string from mysql.user where user = 'foobar';
+------+--------+-----------------------+
| host | user | authentication_string |
+------+--------+-----------------------+
| % | foobar | |
+------+--------+-----------------------+
- How can I prevent users logging in with empty passwords? 如何防止用户使用空密码登录?
- Alternatively, is there a way to create a user with some sort of invalid password so they cannot login until their password is updated? 或者,是否可以使用无效密码创建用户,以便他们在更新密码之前无法登录?
1 个解决方案
解决方案1
1 已采纳 2018-02-10 06:18:09
Use 采用
CREATE USER 'username'@'hostname' IDENTIFIED BY 'new_password' PASSWORD EXPIRE;
Which will create a password that can only be used once and will require the user to choose a new password at login. 这将创建只能使用一次的密码,并且将要求用户在登录时选择新密码。
Suggest if you are creating and issuing passwords you use a random generator to create an initial random password and then share it securely. 建议您是否要创建和发行密码,请使用随机生成器创建初始随机密码,然后安全地共享它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.