[MDEV-9245] password "reuse prevention" validation plugin - Jira

Details

Type: Task
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Fix Version/s: 10.7.1
Component/s: Plugins
Labels:
- Preview_10.7
- Security

Description

A password validation plugin to prevent password reuse. It keeps a log of hashes of passwords it has successfully validated before and verifies that a new password is not present in the log.

Attachments

Issue Links

blocks

MDEV-19275 Provide SQL service to plugins.

Closed

causes

MDEV-26647 Include password validation plugin information in the error message if the SQL statement is not satisfied password policy

Closed

MDEV-26650 Failed ALTER USER/GRANT statement removes the password from the cache

Closed

MDEV-28838 password_reuse_check plugin mixes username and password

Closed

duplicates

MDEV-9072 MariaDB Community Edition needs password complexity, expiration, and reuse

Closed

MDEV-9244 Add password auto expiration option and history password control feature

Closed

(1 duplicates)

Activity

Ascending order - Click to sort in descending order

Nirmol Chondri added a comment - 2019-03-01 20:03

hello

Nirmol Chondri added a comment - 2019-03-01 20:03 hello

Geoff Montee (Inactive) added a comment - 2019-05-22 18:36

It looks like MySQL 8.0 added a feature like this:

https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/password-management.html#password-reuse-policy

Geoff Montee (Inactive) added a comment - 2019-05-22 18:36 It looks like MySQL 8.0 added a feature like this: https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/password-management.html#password-reuse-policy

MikaH added a comment - 2020-01-23 10:59

Is this proceeding? We have large scale Customers demanding this to be implemented. Thank you.

MikaH added a comment - 2020-01-23 10:59 Is this proceeding? We have large scale Customers demanding this to be implemented. Thank you.

Sergei Golubchik added a comment - 2020-01-23 16:12

At the moment it's not progressing. MariaDB Foundation is a non-profit organization and tries to treat all its users fairly and equally. And for now other more widely requested features were prioritized over this one.

If your customers demand a feature, you can get in touch with one of commercial MariaDB support providers, for example, MariaDB Corporation, that has a big pool of developers, and you'll be able in turn to demand something to be implemented.

Sergei Golubchik added a comment - 2020-01-23 16:12 At the moment it's not progressing. MariaDB Foundation is a non-profit organization and tries to treat all its users fairly and equally. And for now other more widely requested features were prioritized over this one. If your customers demand a feature, you can get in touch with one of commercial MariaDB support providers, for example, MariaDB Corporation, that has a big pool of developers, and you'll be able in turn to demand something to be implemented.

Sergei Golubchik added a comment - 2020-01-23 16:12

This feature is currently considered a candidate for the next major release of MariaDB Server

Sergei Golubchik added a comment - 2020-01-23 16:12 This feature is currently considered a candidate for the next major release of MariaDB Server

Oleksandr Byelkin added a comment - 2021-01-26 16:08

IMHO timestamp in mysql table is not so interesting (it is better to loock in audit data) as which time password changed (easier to handle) but is it my IMHO

Oleksandr Byelkin added a comment - 2021-01-26 16:08 IMHO timestamp in mysql table is not so interesting (it is better to loock in audit data) as which time password changed (easier to handle) but is it my IMHO

Oleksandr Byelkin added a comment - 2021-01-26 16:10 - edited

on practice the feature is useless user can change password history_length+1 times and return old password

Oleksandr Byelkin added a comment - 2021-01-26 16:10 - edited on practice the feature is useless user can change password history_length+1 times and return old password

Oleksandr Byelkin added a comment - 2021-09-07 13:03

branch bb-10.7-~~MDEV-9245~~-4
commits:
ca4ef7185da363f17d5ef13a40e3572d533e98db
271afbc88e48307299c7a38abfb74dc372c7eb2c

Oleksandr Byelkin added a comment - 2021-09-07 13:03 branch bb-10.7- MDEV-9245 -4 commits: ca4ef7185da363f17d5ef13a40e3572d533e98db 271afbc88e48307299c7a38abfb74dc372c7eb2c

Oleksandr Byelkin added a comment - 2021-09-09 13:27

new commit
cf3c58e85a2dc7fff12f43b5e95577c22829b317

Oleksandr Byelkin added a comment - 2021-09-09 13:27 new commit cf3c58e85a2dc7fff12f43b5e95577c22829b317

Oleksandr Byelkin added a comment - 2021-09-10 11:48

branch bb-10.7-~~MDEV-9245~~-5 commit 0e09bc41cbab05ba1f67c7bf491b9aeebe0bec16

Oleksandr Byelkin added a comment - 2021-09-10 11:48 branch bb-10.7- MDEV-9245 -5 commit 0e09bc41cbab05ba1f67c7bf491b9aeebe0bec16

Sergei Golubchik added a comment - 2021-09-11 09:38

ok to push after adding tests for sql errors in the plugin (on top of the commit 0e09bc41cbab05ba1f67c7bf491b9aeebe0bec16)

Sergei Golubchik added a comment - 2021-09-11 09:38 ok to push after adding tests for sql errors in the plugin (on top of the commit 0e09bc41cbab05ba1f67c7bf491b9aeebe0bec16)

People

Assignee:: Oleksandr Byelkin

Reporter:: Sergei Golubchik

Votes:: 4 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 2015-12-07 15:17

Updated:: 2025-03-11 17:03

Resolved:: 2021-10-21 08:30

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.