阅读量:0
目录
2. 批量生成密码,并用 MySQL 密码策略管理插件验证密码强度
2. 批量生成密码,并用 MySQL 密码策略管理插件验证密码强度
MySQL 版本:8.0.16
需求:
- 批量生成 100 个密码。
- 密码长度统一为 16 个字符。
- 密码中包含数字、大小写字母、特殊字符。
一、初始实现
1. 创建生成密码的函数
use test; drop function if exists fn_GenerateStrongPassword; delimiter // create function fn_GenerateStrongPassword(length int) returns varchar(255) no sql begin declare allowedchars varchar(128) default 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()-_=+[]{}\|;:,./?'; declare returnstr varchar(255) default ''; declare i int default 0; while i < length do set returnstr = concat(returnstr, substring(allowedchars, floor(1 + rand() * 87), 1)); set i = i + 1; end while; return returnstr; end // delimiter ;说明:
- 密码长度为入参。
- 从构成密码的 88 个预定义字符中随机取 16 个字符。
2. 批量生成密码,并用 MySQL 密码策略管理插件验证密码强度
validate_password 是 MySQL 默认的密码管理策略插件,可通过配置对用户密码长度、强度进行管理。
(1)安装密码验证插件
mysql> install plugin validate_password soname 'validate_password.so'; Query OK, 0 rows affected, 1 warning (0.00 sec) mysql> show plugins; +---------------------------------+----------+--------------------+----------------------+---------+ | Name | Status | Type | Library | License | +---------------------------------+----------+--------------------+----------------------+---------+ | binlog | ACTIVE | STORAGE ENGINE | NULL | GPL | | mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL | ... | mysqlx_cache_cleaner | ACTIVE | AUDIT | NULL | GPL | | validate_password | ACTIVE | VALIDATE PASSWORD | validate_password.so | GPL | +---------------------------------+----------+--------------------+----------------------+---------+ 45 rows in set (0.00 sec) mysql>(2)设置密码验证策略参数
mysql> show variables like 'validate_password%'; +--------------------------------------+--------+ | Variable_name | Value | +--------------------------------------+--------+ | validate_password_check_user_name | ON | | validate_password_dictionary_file | | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | MEDIUM | | validate_password_special_char_count | 1 | +--------------------------------------+--------+ 7 rows in set (0.00 sec) mysql> set global validate_password_length=16; Query OK, 0 rows affected (0.01 sec) mysql> set global validate_password_policy=2; Query OK, 0 rows affected (0.00 sec) mysql>密码验证策略参数说明如下表:
参数 | 默认值 | 描述 |
validate_password_check_user_name | OFF | 设置为 ON 时表示能将密码设置为当前用户名 |
validate_password_dictionary_file | 用于检查密码的字典文件的文件名,默认为空。 | |
validate_password_length | 8 | 密码的最小长度 |
validate_password_mixed_case_count | 1 | 如果密码策略是中等或更强,validate_password要求密码具有的小写和大写字符的最小数量。 |
validate_password_number_count | 1 | 密码必须包含的数字个数。 |
validate_password_policy | MEDIUM | 密码强度检验等级,可以使用数值0、1、2或LOW、MEDIUM、STRONG来指定。 |
validate_password_special_char_count | 1 | 密码必须包含的特殊字符个数。 |
MySQL 密码强度等级定义如下表:
密码规则 | 强度得分 |
Length < 4 | 0 |
Length >= 4 and < validate_password_length | 25 |
Satisfies policy 1(LOW:只验证长度) | 50 |
Satisfies policy 2(MEDIUM:验证长度、数字、大小写字母、特殊字符) | 75 |
Satisfies policy 3(STRONG:验证长度、数字、大小写字母、特殊字符、字典文件) | 100 |
(3)批量生成密码并获取强度
mysql> select password, strength, if(r=1,n,'') n -> from (select password, strength, -> row_number() over (partition by strength order by password desc) n, -> rank() over (partition by strength order by password) r -> from (select password, validate_password_strength(password) strength -> from (select test.fn_GenerateStrongPassword(16) password from mysql.help_topic limit 100) t -> order by strength, password) t) t; +------------------+----------+----+ | password | strength | n | +------------------+----------+----+ | ,/bn@p0/&?3m(5(h | 50 | 13 | | C.=IK]tLPhb-jd=n | 50 | | | cfveQz/gH@Qu#?%) | 50 | | | E(?W&x.eCQO=},hU | 50 | | | H:YeTO%I@K}B=DiO | 50 | | | Jc{NUCco!lRg}B=A | 50 | | | Mkxar?F=nv$a*;C( | 50 | | | OFLhjyj7clYQ0gwf | 50 | | | rCeyxOVDet.paOAl | 50 | | | sLUEn#t[#glN+.wF | 50 | | | TGCRVsKNd*}m?V#h | 50 | | | tooBiSy[Vj{qsT:r | 50 | | | Ulhd|U+@eizri]pt | 50 | | | _JQw&pTf%1%?6C5x | 100 | 87 | | -#u|}*w+1Iq#oYIx | 100 | | | -7{NXS)1U=7(d$5. | 100 | | | ,{4PO}pnv#?##Oij | 100 | | | !^@BJixcD1auoia! | 100 | | | ?[ICQL7jQmt!]B|7 | 100 | | | .Y.k6/]VbQFF0Mim | 100 | | | (8/_x)y.cr|bARWx | 100 | | | (rYx4F}O11tz^c(/ | 100 | | | [S}cJ.ZgY88E0Os7 | 100 | | | ]:fRz:[Wk:E:8Y+W | 100 | | | @fkK@I^0s:h2^fa( | 100 | | | #6hPifc,07sg!F6t | 100 | | | #AB4wFcgAAX.k8fw | 100 | | | %9s:l*ZYk+/C7G_i | 100 | | | ^*6}1wQ6_sXooBgJ | 100 | | | ^EMnK4:)x[Yz9Z+Z | 100 | | | =d2:|$/7Ja)h:PUw | 100 | | | =moJVP$CG]EhH7ra | 100 | | | |^js$jyh2&hglJ7l | 100 | | | |99H[rGvk]f4cs?B | 100 | | | 1.dyz3xMJ@L.V(L@ | 100 | | | 15KmO}oh|Fcfu.n_ | 100 | | | 1A@!K}D|3E{LOc%! | 100 | | | 2l*14G;Zk--35H.8 | 100 | | | 4^?2k#ETWtLSw^im | 100 | | | 6PJ3]Zy2vFiI0CT3 | 100 | | | 8r.wHmUy%b$$QrS/ | 100 | | | 90K.3tvXh!DW$jyg | 100 | | | 9I+nqP-#p6^|xYg5 | 100 | | | 9Z=Uh)+=0;XdSIPp | 100 | | | AF}P4$-|m}l:E{MT | 100 | | | AMyi3=IJ=f#TJOkp | 100 | | | bm6+HyxU)Rf-;rqC | 100 | | | c#3[Vi_|h6fAB0X0 | 100 | | | c+w0#X5V$lJ3:)w_ | 100 | | | C=z}9#Z^f?*b8G(: | 100 | | | C$&0n5*c$6gH8vsA | 100 | | | CKlFJ.3rkb0QDtg@ | 100 | | | CMw,btdW62k%L]om | 100 | | | D!W2LBzT!b|Yj)$C | 100 | | | d/&?2fRBfG9CY}*x | 100 | | | e),C%)-9/_x)x[2M | 100 | | | e%9n9ceo8{O5(lu# | 100 | | | f{Ea/}4Kq7*?W*Ao | 100 | | | fEV60TQ++$pZNPb5 | 100 | | | GTTbUZHmXHvg2-Ew | 100 | | | i^Z4JmRf**ZXeW3P | 100 | | | Ip9;1rrHCPK4;%a# | 100 | | | J_bU1MI5gJ_.A5C6 | 100 | | | Jeehyl-^FQFE7BW_ | 100 | | | k(8/=ChK[i]mf]vX | 100 | | | L%VN4*igjBvA^.U% | 100 | | | LVLRu80QAgOg.5C0 | 100 | | | m{g9tf2[XpsS|fY9 | 100 | | | M&16OHSKUM197xC- | 100 | | | M%Pls68Jc[DeueSK | 100 | | | md%@CMu=YA(kr2Q1 | 100 | | | Mfa)g;NPa3gUKTDk | 100 | | | N!t.rg&0p#s(L9s, | 100 | | | nnBl9iI0DZ{$fc/- | 100 | | | o,yV[^s#hq9}OYR& | 100 | | | O*25Ida;4JlK@E1: | 100 | | | q7)f=kb@1_INe;R9 | 100 | | | qLY3Igs)P{j-_0b; | 100 | | | Rh;Kxg1^f?&.QRf* | 100 | | | s%q45D$!COHSKXZs | 100 | | | s2Js-Uov!=lhd:2s | 100 | | | STh+f9zHfmSnu!]z | 100 | | | t#ea]N13C^[h&7bg | 100 | | | tFkTv6V%q7^[cV4T | 100 | | | TGyyW.qbUZHmVB|7 | 100 | | | TM4=Es/zR48TVnoF | 100 | | | Ty+P^N:IlP.NDC1e | 100 | | | tZC)lr2OP/OK8o*Q | 100 | | | U_46H,2suU;j@DRO | 100 | | | u_Ule_j/1fSGDZ}& | 100 | | | u$fdcb?|4JjDE#6j | 100 | | | Ulf|LI9yB#^4+JM. | 100 | | | V(L9p-1U[&Ao{aD9 | 100 | | | V=31i9q[*EG(|sx9 | 100 | | | wQ9.(jjs@a-mu$d. | 100 | | | WT|i9p&J9vnb3hXZ | 100 | | | x*nHOpQ|nbZ]0=ox | 100 | | | X8#5cr{;,/eywLJ$ | 100 | | | X9%#J*(3@#SDo(Vz | 100 | | | Z|]5Y.iZ4Kq0;WaF | 100 | | +------------------+----------+----+ 100 rows in set (0.00 sec) mysql> 从查询结果可以看到,有 13 个密码的强度得分为 50,原因是使用随机函数循环取得 16 个字符,有一定的概率不能完全覆盖到数字、大小写字母和特殊字符。如 Mkxar?F=nv$a*;C( 中就没有数字。经过多次测试,约有 10% - 20% 会出现这种情况。
二、改进实现
1. 创建生成密码的函数
use test; drop function if exists fn_GenerateStrongPassword; delimiter // create function fn_GenerateStrongPassword(length int) returns varchar(255) no sql begin declare allowedchars varchar(128) default 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()-_=+[]{}\|;:,./?'; declare rand_min int default 1; declare rand_max int default length(allowedchars); declare regexp_str varchar(128) default '^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9]).{16}$'; declare returnstr varchar(255) default ''; declare i int default 0; add_loop:loop set returnstr = ''; set i = 0; -- 密码长度为入参 while i < length do set returnstr = concat(returnstr, substring(allowedchars, floor(rand_min + rand() * (rand_max - rand_min)), 1)); set i = i + 1; end while; -- 用正则函数判断强度,区分大小写 if not regexp_like(returnstr,regexp_str,'c') then iterate add_loop; -- 不满足需求则重新生成密码 else leave add_loop; -- 满足需求则退出循环 end if; end loop add_loop; -- 返回符合需求的密码 return returnstr; end // delimiter ;说明:
- 增加一层外循环,用于迭代生成一个完整的密码。
- 用正则函数 regexp_like 判断强度,不满足需求则重新生成密码,满足需求则退出循环,然后返回结果。注意要使用区分大小写的匹配类型(regexp_like 的第三个参数设置为 'c')。
- 正则表达式说明:
^ 代表开始。
(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9]) 用四个肯定顺序环视零宽断言对字符进行判定。
(?=.*[a-z]) 判断小写字母是否存在。
(?=.*[A-Z]) 判断大写字母是否存在。
(?=.*[0-9]) 判断数字是否存在。
(?=.*[^a-zA-Z0-9]) 判断特殊字符是否存在。
.{16} 代表任意 16 个字符。
$ 代表结尾。
2. 批量生成密码,并用 MySQL 密码策略管理插件验证密码强度
mysql> select password, strength, if(r=1,n,'') n -> from (select password, strength, -> row_number() over (partition by strength order by password desc) n, -> rank() over (partition by strength order by password) r -> from (select password, validate_password_strength(password) strength -> from (select test.fn_GenerateStrongPassword(16) password from mysql.help_topic limit 100) t -> order by strength, password) t) t; +------------------+----------+-----+ | password | strength | n | +------------------+----------+-----+ | _i:MJ7m9ciGX#?$& | 100 | 100 | | _mpO*XO206rbQGI+ | 100 | | | ,MFNr3T@gs)N)$yn | 100 | | | ;OSoAal5=CfEU4X| | 100 | | | ;rsN3^?4rh-]?xF? | 100 | | | !a}U:m[:i7cn7[JJ | 100 | | | !DSXB[KQnBjZ2D)g | 100 | | | .;$.1k^UDhJ&!t,k | 100 | | | .{1B$)+_59TTe9zK | 100 | | | (8,%|C=z|$.1k&XS | 100 | | | (J2=KTHF3fMc&[eZ | 100 | | | (Vx#+mjhmM*5-u89 | 100 | | | [MYXg9ug0yxV{=XA | 100 | | | {1D=w#}D/{UaH{Hr | 100 | | | }cJ;PZS%yl)@o5@0 | 100 | | | @xoc5p|j$M.QXEdo | 100 | | | *d*]bLkzj6,)u9*} | 100 | | | &r3V_YHo9,@%3+LW | 100 | | | #u||[ZC+GxrsMY1v | 100 | | | %1!({h!CRQ.IfiDG | 100 | | | ^(9eo9?=Cewm,E+A | 100 | | | ^*6|3D_qJQqS,zZg | 100 | | | ^v})FD1cDY]9)b4j | 100 | | | +@fiCE%^Z1vMN,Jp | 100 | | | =Q[,k#DPFG%0wqmm | 100 | | | |_N%K-{aD7C2i7cm | 100 | | | |R@mTsO8chDNt&x. | 100 | | | $,Y/re4fI*&WKM;H | 100 | | | 0{JzyR4!6o_#mQd@ | 100 | | | 26NyeJ[qA;*qTe8x | 100 | | | 2l=_8+z+O!r_32ob | 100 | | | 2MGUYy8W@?$))6_v | 100 | | | 3hTIH$1^c=qGAJlK | 100 | | | 4_Dm0kO/T6#!G0K. | 100 | | | 4+LYXk{mc!Ps7!Z& | 100 | | | 48U3R6^{sB.[P#zw | 100 | | | 5C0W79Ot!;T)Tpy{ | 100 | | | 5V%s#iu[9=pBeCNy | 100 | | | 7(d%8m5*hc{IAB7L | 100 | | | 72eJ}B_w*qVnlr3T | 100 | | | 8,$]ooDo=%xeOpP- | 100 | | | 89LhlHTO^O/V&yfM | 100 | | | 8gztx7V!:1pf&#CK | 100 | | | 9/_u80QCp[=43rmk | 100 | | | asbPBm^K(&Qg}C|4 | 100 | | | bzMBwE,$]oqM2&f. | 100 | | | c-g]uO6]R&P?X=YB | 100 | | | C3n]aF^&181:,;(w | 100 | | | CiSv0^%Sv80Py,,| | 100 | | | dAJkFNoP]cOv-M9n | 100 | | | DZ,/ezA7Ox,?iRu4 | 100 | | | eBKmP|tC/:$:Q2Xa | 100 | | | F{MPh.2oaQN(7:@^ | 100 | | | fnYMRlpP=_47KkEF | 100 | | | GCQO+,qg*^Ob7AS6 | 100 | | | gRBdyz1n,D-mqTe7 | 100 | | | gZ!-aV9-h:QXIvh8 | 100 | | | hAvB)pL2^e{GmZT+ | 100 | | | IhwbzLyi7ds};:{9 | 100 | | | ijyhZ87yJs(M#K=c | 100 | | | Ir_1OTrO@t|:am0l | 100 | | | JOhe/$-]/tpu1D]M | 100 | | | Jxn;tA_Dm8?;7X-O | 100 | | | k0n9.*f|LFV52k^R | 100 | | | k296q.zW|;]4U%r0 | 100 | | | kFKc[Cbfxm;wP22v | 100 | | | l3#-}j%Sw^imN(!n | 100 | | | lGQzan^H1=Q]:i2& | 100 | | | liis#hq0/^|z!8yC | 100 | | | LK(&Rmu!}JAxMH4b | 100 | | | MlDxC_u5U#hr%r@e | 100 | | | ng]w3F]JDOAn-!gt | 100 | | | nJY73i4]Ve2;(w-K | 100 | | | nnAgM?3qd5iWQ&N{ | 100 | | | o%EOx.cvnd@VUd1{ | 100 | | | oQ}i%UFtdTP(3!9B | 100 | | | pnv^ju_SbW#d,02? | 100 | | | qL198ARXFjM+e4dz | 100 | | | r%t)K2_FxwQ8|Ynb | 100 | | | RZNQje}NTu3Lzm+[ | 100 | | | S+&EG_ja8Ke/^;D} | 100 | | | s0]C.+KTChL}y8V9 | 100 | | | Smt51gX1A#%3(oJT | 100 | | | Su5W*FI{A-w^kzgS | 100 | | | T6$$TFuh@G8zKu}+ | 100 | | | TJM?4trCds,n].sk | 100 | | | TN6.=IG0L?!Y$b_q | 100 | | | Tv6Y[9-f-:xQ39X& | 100 | | | U4Y?wxYk__9|V/xG | 100 | | | Uj,PSljlFI{C{Wf5 | 100 | | | V!|Q6-qO%J#Rv#.4 | 100 | | | VJJ-|j%Tz}0$7hI# | 100 | | | vpnt9^)^K^184l$F | 100 | | | W@:V+#ht=ZHn1Yj^ | 100 | | | W9*|vKG3an$zux7V | 100 | | | X5T9]EgFV54tsJI% | 100 | | | Y{(Bp;l[?D9MnK5/ | 100 | | | yQZQ8,@*&XMVGug4 | 100 | | | Z87ARWC,(nDuolly | 100 | | | zcwsx!*-%CB4spu6 | 100 | | +------------------+----------+-----+ 100 rows in set (0.01 sec) mysql>从查询结果可以看到,所有 100 个密码强度得分都是 100,完全满足需求。因为不满足需求的情况不到 20%,所以不用担心外层循环陷入无休止的迭代中。当然必须指出,这版实现使用的是“判错重来”方式,会有不到 20% 的内层 while 循环做了无用功。
3. 卸载密码验证插件
mysql> uninstall plugin validate_password; Query OK, 0 rows affected, 1 warning (0.00 sec) mysql> show plugins; +---------------------------------+----------+--------------------+---------+---------+ | Name | Status | Type | Library | License | +---------------------------------+----------+--------------------+---------+---------+ | binlog | ACTIVE | STORAGE ENGINE | NULL | GPL | | mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL | ... | mysqlx | ACTIVE | DAEMON | NULL | GPL | | mysqlx_cache_cleaner | ACTIVE | AUDIT | NULL | GPL | +---------------------------------+----------+--------------------+---------+---------+ 44 rows in set (0.00 sec) mysql> show variables like 'validate_password%'; Empty set (0.00 sec) mysql>