Prevent MySQL login with empty password
Question
I created a new user with:
CREATE USER 'foobar'@'%';
...and I was rather disturbed to find that this user was allowed to log in, using an empty password!
> select host, user, authentication_string from mysql.user where user = 'foobar';
+------+--------+-----------------------+
| host | user | authentication_string |
+------+--------+-----------------------+
| % | foobar | |
+------+--------+-----------------------+
- How can I prevent users logging in with empty passwords?
- Alternatively, is there a way to create a user with some sort of invalid password so they cannot login until their password is updated?
1 answers
solution1
1 ACCPTED 2018-02-10 06:18:09
Use
CREATE USER 'username'@'hostname' IDENTIFIED BY 'new_password' PASSWORD EXPIRE;
Which will create a password that can only be used once and will require the user to choose a new password at login.
Suggest if you are creating and issuing passwords you use a random generator to create an initial random password and then share it securely.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Prevent MySQL login with no user or password
MySQL Password Login Code?
Password login not functioning in MySQL
Totally bizzare: deleting a MySQL user allows me to still login as that user with an empty password
Login & password change PHP & MYsql
NodeJs MySQL Login With Hash Password
php login to mysql encrypted password
prevent mysql user change password of other user
Can't Login To MySQL After Changing Password
PHP login using MySQL data and hashed password
Related Tags