MySQL 8随机密码生成器
在MySQL8.0.18中引入了随机密码生成功能,create user、alter user、set password语句可以为用户生成随机密码,而不再需要管理员显式指定密码。
缺省情况下,所有MySQL生成的随机账户密码一共有20个字符的长度。不过,这是可以修改的,通过变量generated_random_password_length指定,有效范围是从5--255个字符。该变量是动态变量,可以在会话级别、全局级别进行设置。
```
mysql> SHOW variables LIKE 'generated_random_password_length';
+----------------------------------+-------+
| Variable_name | Value |
+----------------------------------+-------+
| generated_random_password_length | 20 |
+----------------------------------+-------+
1 row in set (0.01 sec)
```
一旦随机密码生成,密码被身份验证插件进行hash后存在mysql.user表中,生成的随机密码会以明文的形式返回给用户,这样用户或应用才可以使用密码:
```
mysql> CREATE USER 'percona'@'localhost' IDENTIFIED BY RANDOM PASSWORD;
+---------+-----------+----------------------+
| user | host | generated password |
+---------+-----------+----------------------+
| percona | localhost | k%RJ51/kA>,B(74;DBq2 |
+---------+-----------+----------------------+
1 row in set (0.02 sec)
mysql> ALTER USER 'percona'@'localhost' IDENTIFIED BY RANDOM PASSWORD;
+---------+-----------+----------------------+
| user | host | generated password |
+---------+-----------+----------------------+
| percona | localhost | eX!EOssQ,(Hn4dOdw6Om |
+---------+-----------+----------------------+
1 row in set (0.01 sec)
mysql> SET PASSWORD FOR 'percona'@'localhost' TO RANDOM;
+---------+-----------+----------------------+
| user | host | generated password |
+---------+-----------+----------------------+
| percona | localhost | 5ohXP2LBTTPzJ+7oEDL4 |
+---------+-----------+----------------------+
1 row in set (0.00 sec)
```
生成的随机密码明文以哈希的形式存储,除了最初生成随机密码的语句会以明文的形式返回给用户外,别的地方无法看到明文。
身份验证插件也随着hash密码一同写入二进制日志。例如,下面就是从日志中挖出的内容:
```
CREATE USER 'percona'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*5978ACEA46C1B81C7BEE2D1470ED1B002FE6840B'
ALTER USER 'percona'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*2994ECB14E21A8333C8C2DEDF38311EB714D500C'
```