This topic describes how to configure a custom password policy for an ApsaraDB RDS for MySQL instance. You can use custom password policies to ensure the security of your RDS instance.
Prerequisites
Your RDS instance runs MySQL 5.7.
The minor engine version of your RDS instance is updated to the latest version. For more information, see Update the minor engine version.
Usage notes
When you configure or modify a custom password policy in the ApsaraDB RDS console, the custom password policy cannot take precedence over the following default password policy:
The password must be 8 to 32 characters in length.
The password must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.
The password can contain the following special characters: ! @ # $ % ^ & * ( ) _ + - =
Feature description
If your RDS instance runs MySQL 5.7, you can use the validate_password plugin to modify the rules that are used to check password complexity. You must specify the following password complexity rules in a custom password policy:
Whether the password can be the same as the username
The length of the password
The number of uppercase letters and lowercase letters in the password
The number of digits in the password
The number of special characters in the password
The strength of the password
Step 1: Install validate_password
Connect to your RDS instance. For more information, see Connect to an ApsaraDB RDS for MySQL instance.
Note
You must use the privileged account of your RDS instance to connect to your RDS instance. For more information, see Create a privileged account.
Execute the following statement in the SQL window to install validate_password:
INSTALL PLUGIN validate_password SONAME 'validate_password.so';
Execute the following statement in the SQL window to check whether validate_password is installed:
SHOW GLOBAL VARIABLES LIKE 'validate_password%';
If information similar to the following figure is returned, validate_password is installed.
Step 2: Configure a custom password policy
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane of the page that appears, click Parameters.
Configure the parameters whose names are prefixed by loose_validate_password. For more information, see Modify instance parameters.
Note
Before you modify the parameters, you must install validate_password. If validate_password is not installed, the new parameter settings do not take effect. For more information, see Step 1: Install validate_password.
Parameter | Description
--- | ---
loose_validate_password_check_user_name | Specifies whether the password can be the same as the username. Valid values: ON and OFF. Default value: ON.
loose_validate_password_policy | The strength of the password. Valid values: 0: The strength of the password is low. ApsaraDB RDS checks only the length of the password. 1: The strength of the password is medium. In addition to the length of the password, ApsaraDB RDS checks the number of digits, the number of uppercase letters and lowercase letters, and the number of special characters in the password. 2: The strength of the password is high. ApsaraDB RDS checks the length of the password and the password against a dictionary file. In addition, ApsaraDB RDS checks the number of digits, the number of uppercase letters and lowercase letters, and the number of special characters in the password. Note: The dictionary file cannot be specified, so values 1 and 2 enforce the same password strength. Default value: 1.
loose_validate_password_length | The minimum length of the password. Valid values: 0 to 256. Default value: 8. Note: The default password policy that is applied in the ApsaraDB RDS console requires a password length of at least eight characters. Each password set in the console must be at least eight characters long even if you set this parameter to 5. However, you can execute the SET PASSWORD statement to set a password that is 5 characters long.
loose_validate_password_number_count | The minimum number of digits in the password. Valid values: 0 to 256. Default value: 1.
loose_validate_password_mixed_case_count | The minimum number of uppercase letters and the minimum number of lowercase letters in the password. Valid values: 0 to 256. Default value: 1.
loose_validate_password_special_char_count | The minimum number of special characters in the password. Valid values: 0 to 256. Default value: 1.
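The following script is an added example, not ApsaraDB RDS or MySQL code. It mirrors the complexity rules listed in the feature description and the loose_validate_password_* parameters in the table above so that a candidate password can be screened offline before it is set on the instance. The PasswordPolicy fields, the check_password function and the via_console flag are assumptions of this example; via_console=True additionally applies the console's default policy from the usage notes (8 to 32 characters, at least three character types, only the listed special characters), which a custom policy cannot relax, while via_console=False models a SET PASSWORD statement, where only the plugin parameters apply.

```python
"""Offline pre-check of a password against validate_password-style rules.

Added example, not ApsaraDB RDS or MySQL code. PasswordPolicy fields mirror
the loose_validate_password_* parameters with the defaults from the table.
"""
from dataclasses import dataclass

# Special characters the ApsaraDB RDS console accepts (from the usage notes).
CONSOLE_SPECIAL_CHARS = set("!@#$%^&*()_+-=")


@dataclass
class PasswordPolicy:
    check_user_name: bool = True   # loose_validate_password_check_user_name
    policy: int = 1                # loose_validate_password_policy: 0 low, 1 medium, 2 high
    length: int = 8                # loose_validate_password_length
    number_count: int = 1          # loose_validate_password_number_count
    mixed_case_count: int = 1      # loose_validate_password_mixed_case_count
    special_char_count: int = 1    # loose_validate_password_special_char_count


def check_password(password, username, policy=None, via_console=True):
    """Return the list of violated rules; an empty list means the password passes.

    via_console=True also enforces the console's default policy, which a
    custom policy cannot override. via_console=False models SET PASSWORD,
    where only the plugin parameters apply (see the length note in the table).
    """
    policy = policy or PasswordPolicy()
    problems = []
    digits = sum(c.isdigit() for c in password)
    upper = sum(c.isupper() for c in password)
    lower = sum(c.islower() for c in password)
    # The plugin treats every non-alphanumeric character as special.
    special = sum(not c.isalnum() for c in password)

    if policy.check_user_name and password == username:
        problems.append("password is the same as the username")
    if len(password) < policy.length:
        problems.append(f"fewer than {policy.length} characters")
    # Policies 1 and 2 both check the character classes; 2 would also consult
    # a dictionary file, which cannot be specified on RDS, so they behave alike.
    if policy.policy >= 1:
        if digits < policy.number_count:
            problems.append(f"fewer than {policy.number_count} digits")
        if upper < policy.mixed_case_count or lower < policy.mixed_case_count:
            problems.append(
                f"fewer than {policy.mixed_case_count} uppercase or lowercase letters")
        if special < policy.special_char_count:
            problems.append(f"fewer than {policy.special_char_count} special characters")

    if via_console:
        if not 8 <= len(password) <= 32:
            problems.append("console requires 8 to 32 characters")
        types = sum(1 for n in (digits, upper, lower, special) if n > 0)
        if types < 3:
            problems.append("console requires at least three character types")
        rejected = {c for c in password if not c.isalnum() and c not in CONSOLE_SPECIAL_CHARS}
        if rejected:
            problems.append("console does not accept special characters: "
                            + "".join(sorted(rejected)))
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the usernames and passwords are not real credentials.
    for pw, user in [("Rds!2024pw", "admin"), ("rds2024", "admin"), ("Ab1!x", "demo")]:
        print(repr(pw), "->", check_password(pw, user) or "accepted")
    # The table's length note: 5 characters pass via SET PASSWORD but not via the console.
    short = PasswordPolicy(length=5)
    print("SET PASSWORD:", check_password("Ab1!x", "demo", short, via_console=False) or "accepted")
    print("console:", check_password("Ab1!x", "demo", short, via_console=True))
```

Running the script shows the effect of the length note in the table: with loose_validate_password_length set to 5, a 5-character password is accepted when modelled as a SET PASSWORD statement but still rejected when modelled as a console change, because the console's 8-character floor is applied on top of the plugin parameters.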