From 86e856e65f615263e44706e38e465481a54e1912 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= Date: Wed, 17 Jul 2024 04:40:29 +0200 Subject: [PATCH] Update encryption and compression functions (#17714) --- .../encryption-and-compression-functions.md | 432 +++++++++++++++++- .../expressions-pushed-down.md | 2 +- password-management.md | 6 +- system-variables.md | 2 +- 4 files changed, 415 insertions(+), 27 deletions(-) diff --git a/functions-and-operators/encryption-and-compression-functions.md b/functions-and-operators/encryption-and-compression-functions.md index 342a6f6ceff06..1bb01cfda4b46 100644 --- a/functions-and-operators/encryption-and-compression-functions.md +++ b/functions-and-operators/encryption-and-compression-functions.md @@ -10,32 +10,420 @@ TiDB supports most of the [encryption and compression functions](https://dev.mys ## Supported functions -| Name | Description | -|:------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------| -| [`MD5()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5) | Calculate MD5 checksum | -| [`PASSWORD()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_password) | Calculate and return a password string | -| [`RANDOM_BYTES()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_random-bytes) | Return a random byte vector | -| [`SHA1(), SHA()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1) | Calculate an SHA-1 160-bit checksum | -| [`SHA2()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2) | Calculate an SHA-2 checksum | -| [`SM3()`](https://en.wikipedia.org/wiki/SM3_(hash_function)) | Calculate an SM3 checksum (currently MySQL does not support this function) | -| [`AES_DECRYPT()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_aes-decrypt) | Decrypt using AES | -| [`AES_ENCRYPT()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_aes-encrypt) | Encrypt using AES | -| [`COMPRESS()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_compress) | Return result as a binary string | -| [`UNCOMPRESS()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_uncompress) | Uncompress a string compressed | -| [`UNCOMPRESSED_LENGTH()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_uncompressed-length) | Return the length of a string before compression | -| [`VALIDATE_PASSWORD_STRENGTH()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_validate-password-strength) | Validate the password strength | - -## Related system variables - -The [`block_encryption_mode`](/system-variables.md#block_encryption_mode) variable sets the encryption mode that is used for `AES_ENCRYPT()` and `AES_DECRYPT()`. - -The [`validate_password.*`](/system-variables.md) variables affect the `VALIDATE_PASSWORD_STRENGTH()` function. +| Name | Description | +|:--------------------------------------------------------------|:--------------------------------------------------| +| [`AES_DECRYPT()`](#aes_decrypt) | Decrypt using AES | +| [`AES_ENCRYPT()`](#aes_encrypt) | Encrypt using AES | +| [`COMPRESS()`](#compress) | Compress and return result as a binary string | +| [`MD5()`](#md5) | Calculate MD5 checksum | +| [`PASSWORD()`](#password) | Calculate and return a password string | +| [`RANDOM_BYTES()`](#random_bytes) | Return a random byte vector | +| [`SHA()`](#sha) | Calculate an SHA-1 160-bit checksum | +| [`SHA1()`](#sha1) | Calculate an SHA-1 160-bit checksum | +| [`SHA2()`](#sha2) | Calculate an SHA-2 checksum | +| [`SM3()`](#sm3) | Calculate an SM3 checksum | +| [`UNCOMPRESS()`](#uncompress) | Uncompress a compressed string | +| [`UNCOMPRESSED_LENGTH()`](#uncompressed_length) | Return the length of a string before compression | +| [`VALIDATE_PASSWORD_STRENGTH()`](#validate_password_strength) | Validate the password strength | + +### [`AES_DECRYPT()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_aes-decrypt) + +The `AES_DECRYPT(data, key [,iv])` function decrypts `data` that was previously encrypted using the [`AES_ENCRYPT()`](#aes_encrypt) function with the same `key`. + +You can use the [`block_encryption_mode`](/system-variables.md#block_encryption_mode) system variable to select the [Advanced Encryption Standard (AES)](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption mode. + +For encryption modes that require an initialization vector, set it with the `iv` argument. The default value is `NULL`. + +```sql +SELECT AES_DECRYPT(0x28409970815CD536428876175F1A4923, 'secret'); +``` + +``` ++----------------------------------------------------------------------------------------------------------------------+ +| AES_DECRYPT(0x28409970815CD536428876175F1A4923, 'secret') | ++----------------------------------------------------------------------------------------------------------------------+ +| 0x616263 | ++----------------------------------------------------------------------------------------------------------------------+ +1 row in set (0.00 sec) +``` + +### [`AES_ENCRYPT()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_aes-encrypt) + +The `AES_ENCRYPT(data, key [,iv])` function encrypts `data` with `key` using the [Advanced Encryption Standard (AES)](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) algorithm. + +You can use the [`block_encryption_mode`](/system-variables.md#block_encryption_mode) system variable to select the AES encryption mode. + +For encryption modes that require an initialization vector, set it with the `iv` argument. The default value is `NULL`. + +```sql +SELECT AES_ENCRYPT(0x616263,'secret'); +``` + +``` ++----------------------------------------------------------------+ +| AES_ENCRYPT(0x616263,'secret') | ++----------------------------------------------------------------+ +| 0x28409970815CD536428876175F1A4923 | ++----------------------------------------------------------------+ +1 row in set (0.00 sec) +``` + +### [`COMPRESS()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_compress) + +The `COMPRESS(expr)` function returns a compressed version of the input data `expr`. + +- If the argument is `NULL`, the function returns `NULL`. +- If the argument is an empty string, the function returns a zero-length value. + +For non-zero length argument, the function returns a binary string with the following structure: + +- Bytes 0 to 3: the uncompressed length +- Bytes 4 to the end: the zlib compressed data + +```sql +SELECT COMPRESS(0x414243); +``` + +``` ++------------------------------------------+ +| COMPRESS(0x414243) | ++------------------------------------------+ +| 0x03000000789C72747206040000FFFF018D00C7 | ++------------------------------------------+ +1 row in set (0.00 sec) +``` + +In this output, `0x03000000` represents the uncompressed length (3) and `0x789C72747206040000FFFF018D00C7` is the zlib compressed data. + +An example of using Python to decode this outside of TiDB: + +```python +import codecs +import zlib + +data = codecs.decode('03000000789C72747206040000FFFF018D00C7','hex') +print(int.from_bytes(data[:4], byteorder='little')) # 3 +print(zlib.decompress(data[4:])) # b'ABC' +``` + +For short strings, `COMPRESS()` might return more bytes than the input. The following example shows that a string of 100 `a` characters compresses to 19 bytes. + +```sql +WITH x AS (SELECT REPEAT('a',100) 'a') +SELECT LENGTH(a),LENGTH(COMPRESS(a)) FROM x; +``` + +``` ++-----------+---------------------+ +| LENGTH(a) | LENGTH(COMPRESS(a)) | ++-----------+---------------------+ +| 100 | 19 | ++-----------+---------------------+ +1 row in set (0.00 sec) +``` + +### [`MD5()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5) + +The `MD5(expr)` function calculates a 128-bit [MD5](https://en.wikipedia.org/wiki/MD5) hash for the given argument `expr`. + +```sql +SELECT MD5('abc'); +``` + +``` ++----------------------------------+ +| MD5('abc') | ++----------------------------------+ +| 900150983cd24fb0d6963f7d28e17f72 | ++----------------------------------+ +1 row in set (0.00 sec) +``` + +### [`PASSWORD()`](https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password) + +> **Warning:** +> +> This function is deprecated in MySQL 5.7 and removed in MySQL 8.0. It is deprecated in TiDB. It is not recommended to use this function. + +The `PASSWORD(str)` function calculates a password hash that can be used with the `mysql_native_password` authentication method. + +```sql +SELECT PASSWORD('secret'); +``` + +``` ++-------------------------------------------+ +| PASSWORD('secret') | ++-------------------------------------------+ +| *14E65567ABDB5135D0CFD9A70B3032C179A49EE7 | ++-------------------------------------------+ +1 row in set, 1 warning (0.00 sec) + +Warning (Code 1681): PASSWORD is deprecated and will be removed in a future release. +``` + +### [`RANDOM_BYTES()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_random-bytes) + +The `RANDOM_BYTES(n)` function returns `n` random bytes. + +```sql +SELECT RANDOM_BYTES(3); +``` + +``` ++----------------------------------+ +| RANDOM_BYTES(3) | ++----------------------------------+ +| 0x1DBC0D | ++----------------------------------+ +1 row in set (0.00 sec) +``` + +### [`SHA()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1) + +The `SHA()` function is an alias for [`SHA1`](#sha1). + +### [`SHA1()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1) + +The `SHA1(expr)` function calculates a 160-bit [SHA-1](https://en.wikipedia.org/wiki/SHA-1) hash for the given argument `expr`. + +```sql +SELECT SHA1('abc'); +``` + +``` ++------------------------------------------+ +| SHA1('abc') | ++------------------------------------------+ +| a9993e364706816aba3e25717850c26c9cd0d89d | ++------------------------------------------+ +1 row in set (0.00 sec) +``` + +### [`SHA2()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2) + +The `SHA2(str, n)` function calculates a hash using an algorithm from the [SHA-2](https://en.wikipedia.org/wiki/SHA-2) family. The `n` argument is used to select the algorithm. `SHA2()` returns `NULL` if any of the arguments are `NULL` or if the algorithm selected by `n` is unknown or unsupported. + +The following lists supported algorithms: + +| n | Algorithm | +|-----|-----------| +| 0 | SHA-256 | +| 224 | SHA-224 | +| 256 | SHA-256 | +| 384 | SHA-384 | +| 512 | SHA-512 | + +```sql +SELECT SHA2('abc',224); +``` + +``` ++----------------------------------------------------------+ +| SHA2('abc',224) | ++----------------------------------------------------------+ +| 23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7 | ++----------------------------------------------------------+ +1 row in set (0.00 sec) +``` + +### `SM3()` + +> **Note:** +> +> The `SM3()` function is a TiDB extension and is not implemented in MySQL. + +The `SM3(str)` function calculates a 256-bit [ShangMi 3 (SM3)](https://en.wikipedia.org/wiki/SM3_(hash_function)) hash for the given argument `str`. + +```sql +SELECT SM3('abc'); +``` + +``` ++------------------------------------------------------------------+ +| SM3('abc') | ++------------------------------------------------------------------+ +| 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0 | ++------------------------------------------------------------------+ +1 row in set (0.00 sec) +``` + +### [`UNCOMPRESS()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_uncompress) + +The `UNCOMPRESS(data)` function decompresses the data that was compressed with the [`COMPRESS()`](#compress) function. + +```sql +SELECT UNCOMPRESS(0x03000000789C72747206040000FFFF018D00C7); +``` + +``` ++------------------------------------------------------------------------------------------------------------+ +| UNCOMPRESS(0x03000000789C72747206040000FFFF018D00C7) | ++------------------------------------------------------------------------------------------------------------+ +| 0x414243 | ++------------------------------------------------------------------------------------------------------------+ +1 row in set (0.00 sec) +``` + +### [`UNCOMPRESSED_LENGTH()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_uncompressed-length) + +The `UNCOMPRESSED_LENGTH(data)` function returns the first 4 bytes of the compressed data, which store the length that the compressed string had before being compressed with the [`COMPRESS()`](#compress) function. + +```sql +SELECT UNCOMPRESSED_LENGTH(0x03000000789C72747206040000FFFF018D00C7); +``` + +``` ++---------------------------------------------------------------+ +| UNCOMPRESSED_LENGTH(0x03000000789C72747206040000FFFF018D00C7) | ++---------------------------------------------------------------+ +| 3 | ++---------------------------------------------------------------+ +1 row in set (0.00 sec) +``` + +### [`VALIDATE_PASSWORD_STRENGTH()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_validate-password-strength) + + + +The `VALIDATE_PASSWORD_STRENGTH(str)` function is used as part of [password management](/password-management.md). It calculates the strength of a password and returns a value between 0 and 100. + + + + + +The `VALIDATE_PASSWORD_STRENGTH(str)` function is used as part of password management. It calculates the strength of a password and returns a value between 0 and 100. + + + +The [`validate_password.*`](/system-variables.md) system variables affect the behavior of the `VALIDATE_PASSWORD_STRENGTH()` function. + +Examples: + +- To enable the password complexity check, set the [`validate_password.enable`](/system-variables.md#validate_passwordenable-new-in-v650) system variable to `ON`: + + ```sql + SET GLOBAL validate_password.enable=ON; + ``` + +- View password validation-related system variables: + + ```sql + SHOW VARIABLES LIKE 'validate_password.%'; + ``` + + ``` + +--------------------------------------+--------+ + | Variable_name | Value | + +--------------------------------------+--------+ + | validate_password.check_user_name | ON | + | validate_password.dictionary | | + | validate_password.enable | ON | + | validate_password.length | 8 | + | validate_password.mixed_case_count | 1 | + | validate_password.number_count | 1 | + | validate_password.policy | MEDIUM | + | validate_password.special_char_count | 1 | + +--------------------------------------+--------+ + 8 rows in set (0.01 sec) + ``` + +- Check the password strength of an empty string, which returns `0`: + + ```sql + SELECT VALIDATE_PASSWORD_STRENGTH(''); + ``` + + ``` + +--------------------------------+ + | VALIDATE_PASSWORD_STRENGTH('') | + +--------------------------------+ + | 0 | + +--------------------------------+ + 1 row in set (0.00 sec) + ``` + +- Check the password strength of a short string `abcdef`, which returns `25`: + + ```sql + SELECT VALIDATE_PASSWORD_STRENGTH('abcdef'); + ``` + + ``` + +--------------------------------------+ + | VALIDATE_PASSWORD_STRENGTH('abcdef') | + +--------------------------------------+ + | 25 | + +--------------------------------------+ + 1 row in set (0.00 sec) + ``` + +- Check the password strength of a longer string `abcdefghi`, which returns `50`. This string is longer than the default value of [`validate_password.length`](/system-variables.md#validate_passwordlength-new-in-v650): + + ```sql + SELECT VALIDATE_PASSWORD_STRENGTH('abcdefghi'); + ``` + + ``` + +-----------------------------------------+ + | VALIDATE_PASSWORD_STRENGTH('abcdefghi') | + +-----------------------------------------+ + | 50 | + +-----------------------------------------+ + 1 row in set (0.00 sec) + ``` + +- Adding an upper-case character to the string does not improve the password strength: + + ```sql + SELECT VALIDATE_PASSWORD_STRENGTH('Abcdefghi'); + ``` + + ``` + +-----------------------------------------+ + | VALIDATE_PASSWORD_STRENGTH('Abcdefghi') | + +-----------------------------------------+ + | 50 | + +-----------------------------------------+ + 1 row in set (0.01 sec) + ``` + +- Adding numbers to the string also does not improve the password strength: + + ```sql + SELECT VALIDATE_PASSWORD_STRENGTH('Abcdefghi123'); + ``` + + ``` + +--------------------------------------------+ + | VALIDATE_PASSWORD_STRENGTH('Abcdefghi123') | + +--------------------------------------------+ + | 50 | + +--------------------------------------------+ + 1 row in set (0.00 sec) + ``` + +- Finally, adding special characters to the string brings the password strength to `100`, indicating a strong password: + + ```sql + SELECT VALIDATE_PASSWORD_STRENGTH('Abcdefghi123%$#'); + ``` + + ``` + +-----------------------------------------------+ + | VALIDATE_PASSWORD_STRENGTH('Abcdefghi123%$#') | + +-----------------------------------------------+ + | 100 | + +-----------------------------------------------+ + 1 row in set (0.00 sec) + ``` ## Unsupported functions -* `DES_DECRYPT()`, `DES_ENCRYPT()`, `OLD_PASSWORD()`, `ENCRYPT()`: these functions were deprecated in MySQL 5.7 and removed in 8.0. -* Functions only available in MySQL Enterprise [Issue #2632](https://github.com/pingcap/tidb/issues/2632). +* TiDB does not support the functions only available in MySQL Enterprise [Issue #2632](https://github.com/pingcap/tidb/issues/2632). ## MySQL compatibility * TiDB does not support the `STATEMENT_DIGEST()` and `STATEMENT_DIGEST_TEXT()` functions. +* TiDB does not support the `kdf_name`, `salt`, and `iterations` arguments for [`AES_ENCRYPT()`](#aes_encrypt) and [`AES_DECRYPT`](#aes_decrypt) that MySQL added in MySQL 8.0.30. +* MySQL does not implement the [`SM3()`](#sm3) function. \ No newline at end of file diff --git a/functions-and-operators/expressions-pushed-down.md b/functions-and-operators/expressions-pushed-down.md index 54f50fcb12ac9..188dc74fd5117 100644 --- a/functions-and-operators/expressions-pushed-down.md +++ b/functions-and-operators/expressions-pushed-down.md @@ -23,7 +23,7 @@ TiFlash also supports pushdown for the functions and operators [listed on this p | [Date and time functions](/functions-and-operators/date-and-time-functions.md) | [DATE()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_date)
[DATE_FORMAT()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_date-format)
[DATEDIFF()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_datediff)
[DAYOFMONTH()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_dayofmonth)
[DAYOFWEEK()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_dayofweek)
[DAYOFYEAR()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_dayofyear)
[FROM_DAYS()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_from-days)
[HOUR()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_hour)
[MAKEDATE()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_makedate)
[MAKETIME()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_maketime)
[MICROSECOND()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_microsecond)
[MINUTE()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_minute)
[MONTH()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_month)
[MONTHNAME()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_monthname)
[PERIOD_ADD()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_period-add)
[PERIOD_DIFF()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_period-diff)
[SEC_TO_TIME()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_sec-to-time)
[SECOND()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_second)
[SYSDATE()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_sysdate)
[TIME_TO_SEC()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_time-to-sec)
[TIMEDIFF()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_timediff)
[WEEK()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_week)
[WEEKOFYEAR()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_weekofyear)
[YEAR()](https://dev.mysql.com/doc/refman/8.0/en/date-and-time-functions.html#function_year) | | [String functions](/functions-and-operators/string-functions.md) | [ASCII()](/functions-and-operators/string-functions.md#ascii)
[BIT_LENGTH()](/functions-and-operators/string-functions.md#bit_length)
[CHAR()](/functions-and-operators/string-functions.md#char)
[CHAR_LENGTH()](/functions-and-operators/string-functions.md#char_length)
[CONCAT()](/functions-and-operators/string-functions.md#concat)
[CONCAT_WS()](/functions-and-operators/string-functions.md#concat_ws)
[ELT()](/functions-and-operators/string-functions.md#elt)
[FIELD()](/functions-and-operators/string-functions.md#field)
[HEX()](/functions-and-operators/string-functions.md#hex)
[LENGTH()](/functions-and-operators/string-functions.md#length)
[LIKE](/functions-and-operators/string-functions.md#like)
[LOWER()](/functions-and-operators/string-functions.md#lower)
[LTRIM()](/functions-and-operators/string-functions.md#ltrim)
[MID()](/functions-and-operators/string-functions.md#mid)
[NOT LIKE](/functions-and-operators/string-functions.md#not-like)
[NOT REGEXP](/functions-and-operators/string-functions.md#not-regexp)
[REGEXP](/functions-and-operators/string-functions.md#regexp)
[REGEXP_LIKE()](/functions-and-operators/string-functions.md#regexp_like)
[REGEXP_REPLACE()](/functions-and-operators/string-functions.md#regexp_replace)
[REGEXP_SUBSTR()](/functions-and-operators/string-functions.md#regexp_substr)
[REPLACE()](/functions-and-operators/string-functions.md#replace)
[REVERSE()](/functions-and-operators/string-functions.md#reverse)
[RIGHT()](/functions-and-operators/string-functions.md#right), [RLIKE](/functions-and-operators/string-functions.md#rlike)
[RTRIM()](/functions-and-operators/string-functions.md#rtrim)
[SPACE()](/functions-and-operators/string-functions.md#space)
[STRCMP()](/functions-and-operators/string-functions.md#strcmp)
[SUBSTR()](/functions-and-operators/string-functions.md#substr)
[SUBSTRING()](/functions-and-operators/string-functions.md#substring)
[UPPER()](/functions-and-operators/string-functions.md#upper) | | [Aggregation functions](/functions-and-operators/aggregate-group-by-functions.md#aggregate-group-by-functions) | [COUNT()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_count)
[COUNT(DISTINCT)](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_count-distinct)
[SUM()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_sum)
[AVG()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_avg)
[MAX()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_max)
[MIN()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_min)
[VARIANCE()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_variance)
[VAR_POP()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_var-pop)
[STD()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_std)
[STDDEV()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_stddev)
[STDDEV_POP](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_stddev-pop)
[VAR_SAMP()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_var-samp)
[STDDEV_SAMP()](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_stddev-samp)
[JSON_ARRAYAGG(key)](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_json-arrayagg)
[JSON_OBJECTAGG(key, value)](https://dev.mysql.com/doc/refman/8.0/en/aggregate-functions.html#function_json-objectagg) | -| [Encryption and compression functions](/functions-and-operators/encryption-and-compression-functions.md#encryption-and-compression-functions) | [MD5()](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5)
[SHA1(), SHA()](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1)
[UNCOMPRESSED_LENGTH()](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_uncompressed-length) | +| [Encryption and compression functions](/functions-and-operators/encryption-and-compression-functions.md#encryption-and-compression-functions) | [MD5()](/functions-and-operators/encryption-and-compression-functions.md#md5)
[SHA1(), SHA()](/functions-and-operators/encryption-and-compression-functions.md#sha1)
[UNCOMPRESSED_LENGTH()](/functions-and-operators/encryption-and-compression-functions.md#uncompressed_length) | | [Cast functions and operators](/functions-and-operators/cast-functions-and-operators.md#cast-functions-and-operators) | [CAST()](/functions-and-operators/cast-functions-and-operators.md#cast)
[CONVERT()](/functions-and-operators/cast-functions-and-operators.md#convert) | | [Miscellaneous functions](/functions-and-operators/miscellaneous-functions.md#supported-functions) | [UUID()](/functions-and-operators/miscellaneous-functions.md#uuid) | diff --git a/password-management.md b/password-management.md index 12df3b05d02ec..2d839d8989fd2 100644 --- a/password-management.md +++ b/password-management.md @@ -33,7 +33,7 @@ Password complexity check is disabled by default in TiDB. By configuring system The password complexity policy has the following features: - For SQL statements that set user passwords in plaintext (including `CREATE USER`, `ALTER USER`, and `SET PASSWORD`), TiDB checks the passwords against the password complexity policy. If a password does not meet the requirements, the password is rejected. -- You can use the SQL function [`VALIDATE_PASSWORD_STRENGTH()`](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_validate-password-strength) to validate the password strength. +- You can use the SQL function [`VALIDATE_PASSWORD_STRENGTH()`](/functions-and-operators/encryption-and-compression-functions.md#validate_password_strength) to validate the password strength. > **Note:** > @@ -136,13 +136,13 @@ ERROR 1819 (HY000): Require Password Length: 8 ### Password strength validation function -To check the password strength, you can use the `VALIDATE_PASSWORD_STRENGTH()` function. This function accepts a password argument and returns an integer from 0 (weak) to 100 (strong). +To check the password strength, you can use the [`VALIDATE_PASSWORD_STRENGTH()`](/functions-and-operators/encryption-and-compression-functions.md#validate_password_strength) function. This function accepts a password argument and returns an integer from 0 (weak) to 100 (strong). > **Note:** > > This function evaluates the password strength based on the current password complexity policy. If the password complexity policy is changed, the same password might get different evaluation results. -The following example shows how to use the `VALIDATE_PASSWORD_STRENGTH()` function: +The following example shows how to use the [`VALIDATE_PASSWORD_STRENGTH()`](/functions-and-operators/encryption-and-compression-functions.md#validate_password_strength) function: ```sql mysql> SELECT VALIDATE_PASSWORD_STRENGTH('weak'); diff --git a/system-variables.md b/system-variables.md index e5c4fc32344e3..6d311213a771e 100644 --- a/system-variables.md +++ b/system-variables.md @@ -312,7 +312,7 @@ mysql> SELECT * FROM t1; - Type: Enumeration - Default value: `aes-128-ecb` - Value options: `aes-128-ecb`, `aes-192-ecb`, `aes-256-ecb`, `aes-128-cbc`, `aes-192-cbc`, `aes-256-cbc`, `aes-128-ofb`, `aes-192-ofb`, `aes-256-ofb`, `aes-128-cfb`, `aes-192-cfb`, `aes-256-cfb` -- This variable sets the encryption mode for the built-in functions `AES_ENCRYPT()` and `AES_DECRYPT()`. +- This variable sets the encryption mode for the built-in functions [`AES_ENCRYPT()`](/functions-and-operators/encryption-and-compression-functions.md#aes_encrypt) and [`AES_DECRYPT()`](/functions-and-operators/encryption-and-compression-functions.md#aes_decrypt). ### character_set_client