Password Validation with simple_password_check
for MariaDB Xpand
This page is part of MariaDB's Documentation.
The parent of this page is: Authentication for MariaDB Xpand
Topics on this page:
Overview
MariaDB Xpand supports password requirement enforcement.
Compatibility
Xpand Series | First Supported Version |
---|---|
5.3 | N/A |
6 | 6.0.4 |
Password Validation
When password validation is enabled, a check is performed when setting a new password to ensure that password meets requirements. Existing passwords are not impacted by these requirements.
Enable Password Validation
To require password validation, enable it with the simple_password_check
global system variable.
The simple_password_check
value can be set with a SET
statement as long as the user has the SUPER
privilege:
SET GLOBAL simple_password_check = true;
Note that the password-related variables don't have a separate session value in addition to the global value, so changing a global password variable causes the new value to be applied to all sessions.
Configure Password Requirements
Password requirements are configured using system variables. Password requirements are only validated if simple_password_check = true
is set.
Each of the following global variables can be set to an integer value from 0 to 1000:
Global variable set to integer "n" | New password must contain |
---|---|
| at least "n" digit characters (0-9) |
| at least "n" lowercase letters and "n" uppercase letters |
| at least "n" characters in total length |
| at least "n" non-digit, non-alpha characters |
Note that the password-related variables don't have a separate session value in addition to the global value, so changing a global password variable causes the new value to be applied to all sessions.
Prevent Hashing
When password validation has been enabled by setting the simple_password_check
variable to true
, password restrictions can be further enforced with the strict_password_validation
which, when set to true
disallows passwords from being set with hashes.
When a password is set by hash, the password's character makeup is not visible to the server, so the server cannot enforce requirements.
The strict_password_validation
value can be set with a SET
statement:
SET GLOBAL strict_password_validation = true;
Note that the password-related variables don't have a separate session value in addition to the global value, so changing a global password variable causes the new value to be applied to all sessions.