Community
Learn
Tools Library
AI Tools
Leisure
search
English
Table of Contents
前言:
实现:
原理:
更多:
Home Database Mysql Tutorial Chapter2UserAuthentication,Authorization,andSecurity(3):

Chapter2UserAuthentication,Authorization,andSecurity(3):

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 07, 2016 pm 04:00 PM

原文出处:http://blog.csdn.net/dba_huangzj/article/details/38756693,专题目录:http://blog.csdn.net/dba_huangzj/article/details/37906349 未经作者同意,任何人不得以原创形式发布,也不得已用于商业用途,本人不负责任何法律责任。 前一篇:http://b

原文出处:http://blog.csdn.net/dba_huangzj/article/details/38756693,专题目录:http://blog.csdn.net/dba_huangzj/article/details/37906349

未经作者同意,任何人不得以“原创”形式发布,也不得已用于商业用途,本人不负责任何法律责任。

前一篇:http://blog.csdn.net/dba_huangzj/article/details/38705965

前言:

暴力攻击(Brute-force attack)是通过几乎所有可能的字符组合尝试破解密码,或者使用一个字典表,包含几乎所有可能的密码来实现密码破解的方法。如果你的密码很简单,那么很快就会被破解。所以,测试密码是非常重要的。

实现:

1. 首先查找SQL 密码没有使用强制密码策略的: 

SELECT name, is_disabled 
FROM sys.sql_logins 
WHERE is_policy_checked = 0 
ORDER BY name;
Copy after login

2. 然后对这些登录使用强密码策略:

ALTER LOGIN Fred WITH CHECK_POLICY = ON,CHECK_EXPIRATION = ON;
Copy after login

这个命令不会更改现有密码,直到密码过期前密码依然有效。可以使用下面函数检查密码到期时间:

SELECT LOGINPROPERTY('Fred', 'DaysUntilExpiration');
Copy after login

3. 你还可以强制在登录时修改密码,但是需要先提供一个协商好的密码并告知使用者,比如下面的代码,就是把Fred这个登录名强制登陆时修改密码,然后你使用了You need to change me ! 这个作为“初始密码”,你需要告知用户,登陆时使用它,登录成功后会提示你修改密码。

ALTER LOGIN Fred WITH PASSWORD = 'You need to change me !' MUST_CHANGE, CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
Copy after login
原文出处:http://blog.csdn.net/dba_huangzj/article/details/38756693

image

4. 可以使用脚本把所有需要修改的登录名全部显式出来:

SELECT  'ALTER LOGIN ' + QUOTENAME(name) + ' WITH PASSWORD = ''You 
need to change me 11'' MUST_CHANGE, CHECK_POLICY = ON, CHECK_ 
EXPIRATION = ON; 
' 
FROM    sys.sql_logins 
WHERE   is_policy_checked = 0 
ORDER BY name;
Copy after login

如果需要在应用程序中允许用户修改他们的密码,可以参照这篇文章:http://msdn.microsoft.com/zh-cn/library/ms131024.aspx (以编程方式更改密码)

原理:

最好的保护密码避免暴力攻击的方法是使用WIndows密码策略,因为它仅允许你使用强密码。另外暴力攻击密码会在SQL Server的错误日志和Windows的事件日志中留底。

SQL登录的密码或密钥是不存储在任何系统表中,仅存储密码的hash值,也就是说没有办法解密。hash值会存储在系统表中,以便后续登录时与传输的密码使用hash函数生成的hash值匹配。

原文出处:http://blog.csdn.net/dba_huangzj/article/details/38756693

更多:

过期策略的其中一个组成部分是【lockout threshold】,如果要启用对SQL 登录的失败尝试锁定,需要对CHECK_POLICY 选项设为ON,并且把你的帐号锁定策略在Active Directory或者本地配置。

image

可以使用下面语句查询是否有锁定的帐号:

SELECT name 
FROM sys.sql_logins 
WHERE LOGINPROPERTY(name, N'isLocked') = 1 
ORDER BY name;
Copy after login
原文出处:http://blog.csdn.net/dba_huangzj/article/details/38756693
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Show More

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
3 weeks ago By DDD
R.E.P.O. Save File Location: Where Is It & How to Protect It?
3 weeks ago By DDD
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?
7337
9
Java Tutorial
1627
14
CakePHP Tutorial
1352
46
Laravel Tutorial
1265
25
PHP Tutorial
1209
29
Show More
Related knowledge
Reduce the use of MySQL memory in Docker Reduce the use of MySQL memory in Docker Mar 04, 2025 pm 03:52 PM

This article explores optimizing MySQL memory usage in Docker. It discusses monitoring techniques (Docker stats, Performance Schema, external tools) and configuration strategies. These include Docker memory limits, swapping, and cgroups, alongside

How to solve the problem of mysql cannot open shared library How to solve the problem of mysql cannot open shared library Mar 04, 2025 pm 04:01 PM

This article addresses MySQL's "unable to open shared library" error. The issue stems from MySQL's inability to locate necessary shared libraries (.so/.dll files). Solutions involve verifying library installation via the system's package m

How do you alter a table in MySQL using the ALTER TABLE statement? How do you alter a table in MySQL using the ALTER TABLE statement? Mar 19, 2025 pm 03:51 PM

The article discusses using MySQL's ALTER TABLE statement to modify tables, including adding/dropping columns, renaming tables/columns, and changing column data types.

Run MySQl in Linux (with/without podman container with phpmyadmin) Run MySQl in Linux (with/without podman container with phpmyadmin) Mar 04, 2025 pm 03:54 PM

This article compares installing MySQL on Linux directly versus using Podman containers, with/without phpMyAdmin. It details installation steps for each method, emphasizing Podman's advantages in isolation, portability, and reproducibility, but also

What is SQLite? Comprehensive overview What is SQLite? Comprehensive overview Mar 04, 2025 pm 03:55 PM

This article provides a comprehensive overview of SQLite, a self-contained, serverless relational database. It details SQLite's advantages (simplicity, portability, ease of use) and disadvantages (concurrency limitations, scalability challenges). C

Running multiple MySQL versions on MacOS: A step-by-step guide Running multiple MySQL versions on MacOS: A step-by-step guide Mar 04, 2025 pm 03:49 PM

This guide demonstrates installing and managing multiple MySQL versions on macOS using Homebrew. It emphasizes using Homebrew to isolate installations, preventing conflicts. The article details installation, starting/stopping services, and best pra

How do I configure SSL/TLS encryption for MySQL connections? How do I configure SSL/TLS encryption for MySQL connections? Mar 18, 2025 pm 12:01 PM

Article discusses configuring SSL/TLS encryption for MySQL, including certificate generation and verification. Main issue is using self-signed certificates' security implications.[Character count: 159]

What are some popular MySQL GUI tools (e.g., MySQL Workbench, phpMyAdmin)? What are some popular MySQL GUI tools (e.g., MySQL Workbench, phpMyAdmin)? Mar 21, 2025 pm 06:28 PM

Article discusses popular MySQL GUI tools like MySQL Workbench and phpMyAdmin, comparing their features and suitability for beginners and advanced users.[159 characters]

See all articles