Database Reference
In-Depth Information
23.4. Checking Password Strength
Problem
You want to assign or change a password but verify first that it's not weak.
Solution
Use the VALIDATE_PASSWORD_STRENGTH() function.
Discussion
The validate_password plug-in not only implements policy for new passwords, it
provides a SQL function, VALIDATE_PASSWORD_STRENGTH() , that enables strength test‐
ing of prospective passwords. Uses for this function include:
• An administrator wants to check passwords to be assigned to new accounts.
• An individual user wants to choose a new password but seeks assurance in advance
how strong it is.
To use VALIDATE_PASSWORD_STRENGTH() , the validate_password plug-in must be en‐
abled. For plug-in installation instructions, see Recipe 22.2 .
VALIDATE_PASSWORD_STRENGTH() returns a value from 0 (weak) to 100 (strong):
mysql> SELECT VALIDATE_PASSWORD_STRENGTH('abc') ;
+-----------------------------------+
| VALIDATE_PASSWORD_STRENGTH('abc') |
+-----------------------------------+
| 0 |
+-----------------------------------+
mysql> SELECT VALIDATE_PASSWORD_STRENGTH('weak-password');
+---------------------------------------------+
| VALIDATE_PASSWORD_STRENGTH('weak-password') |
+---------------------------------------------+
| 50 |
+---------------------------------------------+
mysql> SELECT VALIDATE_PASSWORD_STRENGTH('Str0ng-Pa33w@rd');
+-----------------------------------------------+
| VALIDATE_PASSWORD_STRENGTH('Str0ng-Pa33w@rd') |
+-----------------------------------------------+
| 100 |
+-----------------------------------------------+
Search WWH ::




Custom Search