[MDEV-9245] password "reuse prevention" validation plugin - Jira

Details

Type: Task
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Fix Version/s: 10.7.1
Component/s: Plugins
Labels:
- Preview_10.7
- Security

Description

A password validation plugin to prevent password reuse. It keeps a log of hashes of passwords it has successfully validated before and verifies that a new password is not present in the log.

Attachments

Issue Links

blocks

MDEV-19275 Provide SQL service to plugins.

Closed

causes

MDEV-26647 Include password validation plugin information in the error message if the SQL statement is not satisfied password policy

Closed

MDEV-26650 Failed ALTER USER/GRANT statement removes the password from the cache

Closed

MDEV-28838 password_reuse_check plugin mixes username and password

Closed

duplicates

MDEV-9072 MariaDB Community Edition needs password complexity, expiration, and reuse

Closed

MDEV-9244 Add password auto expiration option and history password control feature

Closed

(1 duplicates)

Activity

Ascending order - Click to sort in descending order

Sergei Golubchik created issue - 2015-12-07 15:17

Sergei Golubchik made changes - 2015-12-07 15:18

Field	Original Value	New Value
Link		This issue duplicates ~~MDEV-9244~~ [ ~~MDEV-9244~~ ]

Sergei Golubchik made changes - 2015-12-07 15:19

Link

This issue duplicates ~~MDEV-9072~~ [ ~~MDEV-9072~~ ]

Ralf Gebhardt made changes - 2018-11-14 16:15

Epic Link

PT-73 [ 68549 ]

Ralf Gebhardt made changes - 2018-11-14 16:15

Priority

Minor [ 4 ]

Critical [ 2 ]

Ralf Gebhardt made changes - 2018-11-14 16:28

Priority

Critical [ 2 ]

Major [ 3 ]

Ralf Gebhardt made changes - 2018-11-14 16:41

Priority

Major [ 3 ]

Critical [ 2 ]

Nirmol Chondri added a comment - 2019-03-01 20:03

hello

Nirmol Chondri added a comment - 2019-03-01 20:03 hello

Geoff Montee (Inactive) added a comment - 2019-05-22 18:36

It looks like MySQL 8.0 added a feature like this:

https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/password-management.html#password-reuse-policy

Geoff Montee (Inactive) added a comment - 2019-05-22 18:36 It looks like MySQL 8.0 added a feature like this: https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/password-management.html#password-reuse-policy

Ralf Gebhardt made changes - 2019-06-13 16:49

Epic Link

PT-73 [ 68549 ]

Julien Fritsch made changes - 2019-11-08 15:03

Assignee

Ralf Gebhardt [ ralf.gebhardt@mariadb.com ]

MikaH added a comment - 2020-01-23 10:59

Is this proceeding? We have large scale Customers demanding this to be implemented. Thank you.

MikaH added a comment - 2020-01-23 10:59 Is this proceeding? We have large scale Customers demanding this to be implemented. Thank you.

Sergei Golubchik added a comment - 2020-01-23 16:12

At the moment it's not progressing. MariaDB Foundation is a non-profit organization and tries to treat all its users fairly and equally. And for now other more widely requested features were prioritized over this one.

If your customers demand a feature, you can get in touch with one of commercial MariaDB support providers, for example, MariaDB Corporation, that has a big pool of developers, and you'll be able in turn to demand something to be implemented.

Sergei Golubchik added a comment - 2020-01-23 16:12 At the moment it's not progressing. MariaDB Foundation is a non-profit organization and tries to treat all its users fairly and equally. And for now other more widely requested features were prioritized over this one. If your customers demand a feature, you can get in touch with one of commercial MariaDB support providers, for example, MariaDB Corporation, that has a big pool of developers, and you'll be able in turn to demand something to be implemented.

Sergei Golubchik added a comment - 2020-01-23 16:12

This feature is currently considered a candidate for the next major release of MariaDB Server

Sergei Golubchik added a comment - 2020-01-23 16:12 This feature is currently considered a candidate for the next major release of MariaDB Server

Ralf Gebhardt made changes - 2020-10-19 10:04

Labels

Security

Oleksandr Byelkin added a comment - 2021-01-26 16:08

IMHO timestamp in mysql table is not so interesting (it is better to loock in audit data) as which time password changed (easier to handle) but is it my IMHO

Oleksandr Byelkin added a comment - 2021-01-26 16:08 IMHO timestamp in mysql table is not so interesting (it is better to loock in audit data) as which time password changed (easier to handle) but is it my IMHO

Oleksandr Byelkin added a comment - 2021-01-26 16:10 - edited

on practice the feature is useless user can change password history_length+1 times and return old password

Oleksandr Byelkin added a comment - 2021-01-26 16:10 - edited on practice the feature is useless user can change password history_length+1 times and return old password

Sergei Golubchik made changes - 2021-06-04 13:48

Link

This issue is blocked by ~~MDEV-19275~~ [ ~~MDEV-19275~~ ]

Ralf Gebhardt made changes - 2021-06-07 09:19

Assignee

Ralf Gebhardt [ ralf.gebhardt@mariadb.com ]

Sergei Golubchik made changes - 2021-07-06 15:41

Fix Version/s

10.7 [ 24805 ]

Sergei Golubchik made changes - 2021-07-06 15:42

Assignee

Oleksandr Byelkin [ sanja ]

Ralf Gebhardt made changes - 2021-07-21 17:55

Due Date

2021-09-14

Oleksandr Byelkin made changes - 2021-08-04 14:21

Status

Open [ 1 ]

In Progress [ 3 ]

Oleksandr Byelkin made changes - 2021-08-19 09:49

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Oleksandr Byelkin made changes - 2021-08-19 12:00

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Sergei Golubchik made changes - 2021-08-25 10:15

Comment

[ A comment with security level 'Developers' was removed. ]

Oleksandr Byelkin added a comment - 2021-09-07 13:03

branch bb-10.7-~~MDEV-9245~~-4
commits:
ca4ef7185da363f17d5ef13a40e3572d533e98db
271afbc88e48307299c7a38abfb74dc372c7eb2c

Oleksandr Byelkin added a comment - 2021-09-07 13:03 branch bb-10.7- MDEV-9245 -4 commits: ca4ef7185da363f17d5ef13a40e3572d533e98db 271afbc88e48307299c7a38abfb74dc372c7eb2c

Oleksandr Byelkin made changes - 2021-09-07 13:03

Assignee	Oleksandr Byelkin [ sanja ]	Sergei Golubchik [ serg ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Sergei Golubchik made changes - 2021-09-07 17:22

Assignee	Sergei Golubchik [ serg ]	Oleksandr Byelkin [ sanja ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Oleksandr Byelkin added a comment - 2021-09-09 13:27

new commit
cf3c58e85a2dc7fff12f43b5e95577c22829b317

Oleksandr Byelkin added a comment - 2021-09-09 13:27 new commit cf3c58e85a2dc7fff12f43b5e95577c22829b317

Oleksandr Byelkin made changes - 2021-09-09 13:28

Assignee	Oleksandr Byelkin [ sanja ]	Sergei Golubchik [ serg ]
Status	Stalled [ 10000 ]	In Review [ 10002 ]

Oleksandr Byelkin added a comment - 2021-09-10 11:48

branch bb-10.7-~~MDEV-9245~~-5 commit 0e09bc41cbab05ba1f67c7bf491b9aeebe0bec16

Oleksandr Byelkin added a comment - 2021-09-10 11:48 branch bb-10.7- MDEV-9245 -5 commit 0e09bc41cbab05ba1f67c7bf491b9aeebe0bec16

Sergei Golubchik made changes - 2021-09-11 09:36

Assignee	Sergei Golubchik [ serg ]	Oleksandr Byelkin [ sanja ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Sergei Golubchik added a comment - 2021-09-11 09:38

ok to push after adding tests for sql errors in the plugin (on top of the commit 0e09bc41cbab05ba1f67c7bf491b9aeebe0bec16)

Sergei Golubchik added a comment - 2021-09-11 09:38 ok to push after adding tests for sql errors in the plugin (on top of the commit 0e09bc41cbab05ba1f67c7bf491b9aeebe0bec16)

Oleksandr Byelkin made changes - 2021-09-13 17:07

Link

This issue relates to TODO-3118 [ TODO-3118 ]

Oleksandr Byelkin made changes - 2021-09-13 17:09

Assignee

Oleksandr Byelkin [ sanja ]

Elena Stepanova [ elenst ]

Sergei Golubchik made changes - 2021-09-14 06:49

Link

This issue is blocked by ~~MDEV-19275~~ [ ~~MDEV-19275~~ ]

Sergei Golubchik made changes - 2021-09-14 06:49

Link

This issue blocks ~~MDEV-19275~~ [ ~~MDEV-19275~~ ]

Sergei Golubchik made changes - 2021-09-14 06:50

Link

This issue includes ~~MDEV-19275~~ [ ~~MDEV-19275~~ ]

Sergei Golubchik made changes - 2021-09-14 06:50

Link

This issue includes ~~MDEV-19275~~ [ ~~MDEV-19275~~ ]

Ralf Gebhardt made changes - 2021-09-16 07:34

Due Date

2021-09-14

Sergei Golubchik made changes - 2021-09-20 18:57

Link

This issue causes ~~MDEV-26647~~ [ ~~MDEV-26647~~ ]

Ramesh Sivaraman made changes - 2021-09-21 06:24

Link

This issue causes ~~MDEV-26650~~ [ ~~MDEV-26650~~ ]

Elena Stepanova made changes - 2021-10-04 12:40

Assignee

Elena Stepanova [ elenst ]

Ramesh Sivaraman [ JIRAUSER48189 ]

Oleksandr Byelkin made changes - 2021-10-21 08:30

Assignee

Ramesh Sivaraman [ JIRAUSER48189 ]

Oleksandr Byelkin [ sanja ]

Oleksandr Byelkin made changes - 2021-10-21 08:30

Fix Version/s		10.7.1 [ 26120 ]
Fix Version/s	10.7 [ 24805 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-12-06 21:23

Workflow

MariaDB v3 [ 72905 ]

MariaDB v4 [ 132753 ]

Sergei Golubchik made changes - 2022-06-14 10:30

Link

This issue causes ~~MDEV-28838~~ [ ~~MDEV-28838~~ ]

Ralf Gebhardt made changes - 2023-03-21 11:00

Labels

Security

Preview_10.7 Security

Ralf Gebhardt made changes - 2024-02-09 14:30

Link

This issue blocks MENT-1458 [ MENT-1458 ]

Jira Automation (IT) made changes - 2024-07-04 09:03

Zendesk Related Tickets

112350 141485

People

Assignee:: Oleksandr Byelkin

Reporter:: Sergei Golubchik

Votes:: 4 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 2015-12-07 15:17

Updated:: 2025-03-11 17:03

Resolved:: 2021-10-21 08:30

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.