-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
*: support password validation options and variables #38953
Conversation
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
/cc wjhuang2016 xhebox |
/cc xiongjiwei |
executor/simple.go
Outdated
return false | ||
} | ||
|
||
func (e *SimpleExec) enableValidatePassword() bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
func (e *SimpleExec) enableValidatePassword() bool { | |
func (e *SimpleExec) isValidatePasswordenabled() bool { |
pwdLength := len(pwd) | ||
if err != nil { | ||
return false, err | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pwdLength := len(pwd) | |
if err != nil { | |
return false, err | |
} | |
if err != nil { | |
return false, err | |
} | |
pwdLength := len(pwd) |
if len(words) == 0 { | ||
return true, nil | ||
} | ||
cache := make(map[string]interface{}, len(words)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cache := make(map[string]interface{}, len(words)) | |
cache := make(map[string]struct{}, len(words)) |
for _, word := range words { | ||
word = strings.ToLower(word) | ||
if len(word) >= minPwdValidationLength && len(word) <= maxPwdValidationLength { | ||
cache[word] = nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cache[word] = nil | |
cache[word] = struct{}{} |
Co-authored-by: xiongjiwei <[email protected]>
…validate_password
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
sessionctx/variable/noop.go
Outdated
@@ -117,7 +115,6 @@ var noopSysVars = []*SysVar{ | |||
{Scope: ScopeNone, Name: "innodb_log_group_home_dir", Value: "./"}, | |||
{Scope: ScopeNone, Name: "performance_schema_events_statements_history_size", Value: "10"}, | |||
{Scope: ScopeGlobal, Name: GeneralLog, Value: Off, Type: TypeBool}, | |||
{Scope: ScopeGlobal, Name: "validate_password_dictionary_file", Value: ""}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this variable is still noop in tidb
sessionctx/variable/sysvar.go
Outdated
PasswordValidtaionNumberCount.Store(int32(TidbOptInt64(val, 1))) | ||
return nil | ||
}, GetGlobal: func(_ context.Context, s *SessionVars) (string, error) { | ||
return fmt.Sprintf("%d", PasswordValidtaionNumberCount.Load()), nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
strconv.FormatInt(PasswordValidtaionNumberCount.Load(), 10)
has better performance
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Modified :-)
/merge |
This pull request has been accepted and is ready to merge. Commit hash: 9b7e323
|
/run-unit-test |
TiDB MergeCI notify✅ Well Done! New fixed [2] after this pr merged.
|
What problem does this PR solve?
Issue Number: close #38928 #38924
Problem Summary:
We need to improve the compatibility with MySQL in password validation.
What is changed and how it works?
Most of the feature is the same as MySQL's, except that:
validate_password.enable
to turn on/off the validation.validate_password.dictionary
instead ofvalidate_password.dictionary_file
, since it is hard to upload the dictionary file to the tidb-servers's local file systems.Check List
Tests
Side effects
Documentation
Release note
Please refer to Release Notes Language Style Guide to write a quality release note.