Hello Arthur,
On 9/24/2012 4:25 PM, Arthur Fuller wrote:
On this note, one thing that really bugs me about MySQL passwords is the
inability to use special characters. In the SQL Server world, I let users
choose their own passwords, but obeying these rules:
It cannot be a dictionary word or sequence of words.
It must contain at least one numeric digit.
It must contain a mix of upper and lower case.
It must contain at least one special character.
That combination makes a password very difficult to crack. I don't know why
MySQL falls so short in this respect.
MySQL continues to improve in this respect. While it's true that our
last big security change was the enhanced password hash function
introduced in 4.1 we have not been completely insensitive to the needs
of our customers. For example, check out the list of account and
security improvements arriving in MySQL 5.6
http://dev.mysql.com/doc/refman/5.6/en/mysql-nutshell.html
In particular, the password complexity threshold can be configured using
the new Password Validation plugin:
http://dev.mysql.com/doc/refman/5.6/en/validate-password-plugin.html
Yours,
--
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql
