[MDEV-25703] Add VALIDATE_PASSWORD_STRENGTH function Created: 2021-05-17  Updated: 2022-09-19  Resolved: 2022-09-18

Status: Closed
Project: MariaDB Server
Component/s: OTHER
Fix Version/s: N/A

Type: Task Priority: Minor
Reporter: Ian Gilfillan Assignee: Sergei Golubchik
Resolution: Won't Fix Votes: 0
Labels: Compatibility, beginner-friendly, compat57, compat80

Issue Links:
PartOf
is part of MDEV-28906 MySQL 8.0 desired compatibility Open
Relates
relates to MDEV-7597 Expiration of user passwords Closed

 Description   

MySQL 5.7 added the VALIDATE_PASSWORD_STRENGTH function
https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_validate-password-strength

This was requested by a user in a comment in MDEV-7597, and is also needed for MySQL compatibility purposes.



 Comments   
Comment by Sergei Golubchik [ 2022-09-18 ]

I don't think the VALIDATE_PASSWORD_STRENGTH function is particularly meaningful. The password either passes the policy or it doesn't. It cannot kinda sorta 73% pass the policy and 27% fail it. Any attempt to assign a non-boolean "weight" to it will necessarily be very arbitrary.

For example, the attached PR assigns an equal weight of 1 to every plugin that the password passed and 0 to a plugin that it failed, and then normalizes the result. There is no logical reason why all plugins should be equally important. Nor is a password that passed 2 out of 5 installed plugins any "more acceptable" than a password that passed 4 out of 5. Both cannot be used, as they failed a required policy, set by the DBA.

In other words, MariaDB shouldn't have this function.
