I created a new user with:
CREATE USER 'foobar'@'%';
...and I was rather disturbed to find that this user was allowed to log in, using an empty password!
> select host, user, authentication_string from mysql.user where user = 'foobar';
+------+--------+-----------------------+
| host | user | authentication_string |
+------+--------+-----------------------+
| % | foobar | |
+------+--------+-----------------------+
Use
CREATE USER 'username'@'hostname' IDENTIFIED BY 'new_password' PASSWORD EXPIRE;
Which will create a password that can only be used once and will require the user to choose a new password at login.
Suggest if you are creating and issuing passwords you use a random generator to create an initial random password and then share it securely.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.