Lists the Security configuration metrics and provides a brief description of each.
Table 7.30 Security Configuration Metrics
Name | Description |
---|---|
Activate All Roles On Login Enabled | Whether to enable automatic activation of all granted roles when users log in to the server. |
Auto Generate Certs Enabled | This variable is available if the server was compiled using OpenSSL. It controls whether the server autogenerates SSL key and certificate files in the data directory, if they do not already exist. |
Automatic Sp Privileges Enabled | When this variable has a value of 1 (the default), the server automatically grants the EXECUTE and ALTER ROUTINE privileges to the creator of a stored routine, if the user cannot already execute and alter or drop the routine. |
Caching Sha2 Password Private Key Path | The path name of the RSA private key file for the caching_sha2_password authentication plugin. If the file is named as a relative path, it is interpreted relative to the server data directory. The file must be in PEM format. |
Caching Sha2 Password Public Key Path | The path name of the RSA public key file for the caching_sha2_password authentication plugin. If the file is named as a relative path, it is interpreted relative to the server data directory. The file must be in PEM format. |
Check Proxy Users Enabled | This variable controls whether the server performs proxy user mapping for authentication plugins that request it. With check_proxy_users enabled, it may also be necessary to enable plugin-specific system variables to take advantage of server proxy user mapping support. |
Default Authentication Plugin | The default authentication plugin. Permitted values are mysql_native_password (use MySQL native passwords; this is the default) and sha256_password (use SHA-256 passwords). |
Default Password Lifetime | This variable defines the global automatic password expiration policy. It applies to accounts that use MySQL built-in authentication methods (accounts that use an authentication plugin of mysql_native_password, mysql_old_password, or sha256_password). If the value of default_password_lifetime is a positive integer N, it indicates the permitted password lifetime; passwords must be changed every N days. A value of 0 disables automatic password expiration. The default is 360; passwords must be changed approximately once per year. |
Disconnect On Expired Password Enabled | Controls how the server handles clients with expired passwords. |
Local Infile Enabled | Whether LOCAL is supported for LOAD DATA INFILE statements. |
Mandatory Roles | Automatically granted roles for all users. |
Mysql Native Password Proxy Users Enabled | This variable controls whether the mysql_native_password built-in authentication plugin supports proxy users. It has no effect unless the check_proxy_users system variable is enabled. |
Old Passwords Enabled | Whether the server uses pre-4.1-style passwords for MySQL user accounts. |
Password History | Number of password changes required before password reuse. If the value is 0 (the default), there is no reuse restriction based on number of password changes. |
Password Reuse Interval | Number of days elapsed required before password reuse. If the value is 0 (the default), there is no reuse restriction based on time elapsed. |
Secure Auth Enabled | Disallow authentication by clients that attempt to use accounts that have old (pre-4.1) passwords. |
Secure File Privileges | If set to the name of a directory, it limits the effect of the LOAD_FILE() function and the LOAD DATA and SELECT ... INTO OUTFILE statements to work only with files in that directory. |
Sha256 Password Auto Generate Rsa Keys Enabled | This variable is available if the server was compiled using OpenSSL. It controls whether the server autogenerates RSA private/public key-pair files in the data directory, if they do not already exist. |
Sha256 Password Private Key Path | The path name of the RSA private key file for the sha256_password authentication plugin. If the file is named as a relative path, it is interpreted relative to the server data directory. The file must be in PEM format. Because this file stores a private key, its access mode must be restricted so that only the MySQL server can read it. |
Sha256 Password Proxy Users Enabled | This variable controls whether the sha256_password built-in authentication plugin supports proxy users. It has no effect unless the check_proxy_users system variable is enabled. |
Sha256 Password Public Key Path | The path name of the RSA public key file for the sha256_password authentication plugin. If the file is named as a relative path, it is interpreted relative to the server data directory. The file must be in PEM format. Because this file stores a public key, copies can be freely distributed to client users. |
Skip Show Database Enabled | With this option, the SHOW DATABASES statement is permitted only to users who have the SHOW DATABASES privilege, and the statement displays all database names. |
Validate User Plugins Enabled | If this variable is enabled (the default), the server checks each user account and produces a warning if conditions are found that would make the account unusable. |
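
The following added example (not part of the original manual) shows one way to review several of these settings on a server, using the conditions the table itself describes, such as a value of 0 disabling password expiration or reuse restrictions. It assumes the metrics correspond to the MySQL system variables `default_password_lifetime`, `password_history`, `password_reuse_interval`, `local_infile`, `old_passwords`, `secure_auth` and `secure_file_priv`; the sample input is constructed to mimic tab-separated `SHOW GLOBAL VARIABLES` output.

```python
# Added example: audit security-related MySQL system variables.
# SAMPLE is constructed; it mimics tab-separated `SHOW GLOBAL VARIABLES` output.
SAMPLE = """\
Variable_name\tValue
default_password_lifetime\t0
local_infile\tON
old_passwords\t0
password_history\t0
password_reuse_interval\t0
secure_auth\tON
secure_file_priv\t
"""

def parse_variables(text):
    """Turn tab-separated name/value lines into a dict (header row skipped)."""
    result = {}
    for line in text.splitlines():
        name, sep, value = line.partition("\t")
        if sep and name != "Variable_name":
            result[name.strip().lower()] = value.strip()
    return result

def is_on(value):
    return value.upper() in ("ON", "1", "TRUE")

# (variable, predicate that is True when the value deserves review, note)
CHECKS = [
    ("default_password_lifetime", lambda v: v == "0", "automatic password expiration disabled"),
    ("password_history", lambda v: v == "0", "no reuse restriction by number of changes"),
    ("password_reuse_interval", lambda v: v == "0", "no reuse restriction by elapsed time"),
    ("local_infile", is_on, "LOCAL supported for LOAD DATA"),
    ("old_passwords", lambda v: v in ("1", "ON"), "pre-4.1-style passwords in use"),
    ("secure_auth", lambda v: not is_on(v), "clients with pre-4.1 passwords accepted"),
    ("secure_file_priv", lambda v: v == "", "file import/export not limited to a directory"),
]

def audit(variables):
    """Return (variable, note) for each present variable that needs review."""
    findings = []
    for name, needs_review, note in CHECKS:
        if name in variables and needs_review(variables[name]):
            findings.append((name, note))
    return findings

if __name__ == "__main__":
    for name, note in audit(parse_variables(SAMPLE)):
        print(f"{name}: {note}")
```

Variables absent from the input are skipped rather than flagged, since not every variable exists in every server version.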