MYSQL8 用户增强

部分删除

set PERSIST partial_revokes=on;
针对.赋权情况，需要部分清除某些库权限，需要配置该参数

个人密码(安全)

1. 密码保留期限 alter user password expire ***
2. 修改密码 password_require_current=on --修改密码需要提供老密码
3. 双密码 --alter user identified by "" retain current password /线上修改应用密码
   alter user discard old password
4. 随机密码 create user 'u1' identified by random password,'u2' identified by random password
5. 失败锁定 create user 'u1'identified by '' failed_login_attempts 3 password_lock_times 3;
   alter user 'u1' failed_login_attempts 3 password_lock_time unbounded;

SSL认证

Plugin

1. 登录控制Plugin
   INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so';
   INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';
   show plugins;/select PLUGIN_NAME, PLUGIN_STATUS from INFORMATION_SCHEMA.PLUGINS where PLUGIN_NAME like 'connection%';
   root@localhost:mysql.sock [(none)]>show variables like "connection_control%";
   +-------------------------------------------------+------------+
   | Variable_name | Value |
   +-------------------------------------------------+------------+
   | connection_control_failed_connections_threshold | 3 |
   | connection_control_max_connection_delay | 2147483647 |
   | connection_control_min_connection_delay | 1000 |
   +-------------------------------------------------+------------+
   [mysqld]
   plugin-load-add=connection_control.so
   connection-control=FORCE_PLUS_PERMANENT
   connection-control-failed-login-attempts=FORCE_PLUS_PERMANENT
   connection_control_failed_connections_threshold=5
   connection_control_max_connection_delay=2147483647
   connection_control_min_connection_delay=1500

2. 密码校验Plugin
   INSTALL COMPONENT 'file://component_validate_password';
   //插件 SELECT PLUGIN_NAME, PLUGIN_LIBRARY, PLUGIN_STATUS, LOAD_OPTION FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME = 'validate_password';
   //组件 SELECT * FROM mysql.component;
   

3. 其他企业版Plugin
   Data Masking