MySQL 8: Password verification policy


The article discusses the password verification-required policy introduced in MySQL 8.0.13. With this feature, it is possible to require that attempts to change an account password be verified by specifying the existing current password that is to be replaced. By Brian Sumpter.

The password verification-required policy enables DBAs to prevent users from changing a password without proving that they know the current password. When would this matter? Such a change could occur if a user walked away from a terminal session without logging out and a malicious user used the open session to change the original user's MySQL password. As you can imagine, this could have disastrous consequences.

The article then focuses on:

  • Per-user settings
  • Global settings
  • Exceptions

Password-verification policy can be established globally, and individual user accounts can be set to either defer to the global policy or override the global policy with specific per-account behavior. MySQL 8 has made great strides in bolstering user administration and user security. While we often take for granted something as simple as requiring the current password before a password change, using this option in concert with other MySQL 8 security features builds a secure and easily administered database environment that hasn’t been possible historically without relying on additional plugins or custom solutions. Good read!
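The global setting, the three per-account overrides, the REPLACE syntax the policy enforces, and the privileged-user exception, shown together as an added SQL example. This is not code from the article or from MySQL's own documentation; the account names and passwords are invented for illustration.

```sql
-- Added example, not from the summarized article. Account names and
-- passwords below are hypothetical.

-- 1. Global policy. The server variable is OFF by default; turn it on and
--    persist it so it survives a restart.
SET PERSIST password_require_current = ON;

-- 2. Per-account overrides. Each account either defers to the global
--    variable (DEFAULT), always requires verification (CURRENT), or never
--    requires it (OPTIONAL), whatever the global value is.
CREATE USER 'app_reader'@'localhost'
  IDENTIFIED BY 'S3cret-initial'
  PASSWORD REQUIRE CURRENT;                                           -- always verify
ALTER USER 'batch_job'@'localhost' PASSWORD REQUIRE CURRENT OPTIONAL; -- never verify
ALTER USER 'analyst'@'%'           PASSWORD REQUIRE CURRENT DEFAULT;  -- follow global

-- 3. Check what each account resolved to. Y = require, N = optional,
--    NULL = defer to password_require_current.
SELECT User, Host, Password_require_current
  FROM mysql.user
 WHERE User IN ('app_reader', 'batch_job', 'analyst');

-- 4. A non-privileged user changing its own password while the policy
--    applies. Without REPLACE the statement is rejected; with it, the server
--    verifies the supplied current password before accepting the new one.
--    Run as app_reader in its own session:
ALTER USER USER() IDENTIFIED BY 'N3w-secret' REPLACE 'S3cret-initial';
-- Equivalent SET PASSWORD form:
SET PASSWORD = 'Another-secret' REPLACE 'N3w-secret';

-- 5. Exception. An account holding the global CREATE USER privilege (or
--    UPDATE on the mysql system schema) is not subject to the policy when
--    changing another account's password, so a DBA can still reset a
--    forgotten password without knowing it:
ALTER USER 'app_reader'@'localhost' IDENTIFIED BY 'Reset-by-dba';
-- REPLACE is only accepted when the statement targets the current user;
-- supplying it while changing a different account's password is an error.
```

The scenario in the summary (an unattended session abused to change the password) is covered by step 4: an attacker with only the open session, but not the current password, cannot complete the ALTER USER. Step 5 is why this protects users rather than administrators; an unattended session belonging to an account with CREATE USER remains dangerous, and that is a separate privilege-hygiene problem.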


Tags mysql database cio infosec devops