Guide: mysql set password encrypted
6.3.1 Configuring MySQL to Use Encrypted Connections
Several configuration parameters are available to indicate whether to use encrypted connections, and to specify the appropriate certificate and key files. This section provides general guidance about configuring the server and clients for encrypted connections:
Encrypted connections also can be used in other contexts, as discussed in these additional sections:
Instructions for creating any required certificate and key files are available in Section 6.3.3, “Creating SSL and RSA Certificates and Keys”.
Server-Side Startup Configuration for Encrypted Connections
On the server side, the
To require that clients connect using encrypted connections, enable the
These system variables on the server side specify the certificate and key files the server uses when permitting clients to establish encrypted connections:
For example, to enable the server for encrypted connections, start it with these lines in the
To specify in addition that clients are required to use encrypted connections, enable the
Each certificate and key system variable names a file in PEM format. Should you need to create the required certificate and key files, see Section 6.3.3, “Creating SSL and RSA Certificates and Keys”. MySQL servers compiled using OpenSSL can generate missing certificate and key files automatically at startup. See Section 6.3.3.1, “Creating SSL and RSA Certificates and Keys using MySQL”. Alternatively, if you have a MySQL source distribution, you can test your setup using the demonstration certificate and key files in its
The server performs certificate and key file autodiscovery. If no explicit encrypted-connection options are given other than
If the server automatically enables encrypted connection support, it writes a note to the error log. If the server discovers that the CA certificate is self-signed, it writes a warning to the error log. (The certificate is self-signed if created automatically by the server or manually using mysql_ssl_rsa_setup.)
MySQL also provides these system variables for server-side encrypted-connection control:
Client-Side Configuration for Encrypted Connections
For a complete list of client options related to establishment of encrypted connections, see Command Options for Encrypted Connections.
By default, MySQL client programs attempt to establish an encrypted connection if the server supports encrypted connections, with further control available through the
Important
The default setting,
Attempts to establish an unencrypted connection fail if the
The following options on the client side identify the certificate and key files clients use when establishing encrypted connections to the server. They are similar to the
For additional security relative to that provided by the default encryption, clients can supply a CA certificate matching the one used by the server and enable host name identity verification. In this way, the server and client place their trust in the same CA certificate and the client verifies that the host to which it connected is the one intended:
Note
Host name identity verification with
Prior to MySQL 5.7.23, host name identity verification also does not work with certificates that specify the Common Name using wildcards because that name is compared verbatim to the server name.
MySQL also provides these options for client-side encrypted-connection control:
Depending on the encryption requirements of the MySQL account used by a client, the client may be required to specify certain options to connect using encryption to the MySQL server. Suppose that you want to connect using an account that has no special encryption requirements or that was created using a
Or:
For an account created with a
If the account has more stringent security requirements, other options must be specified to establish an encrypted connection:
For additional information about the
MySQL servers can generate client certificate and key files that clients can use to connect to MySQL server instances. See Section 6.3.3, “Creating SSL and RSA Certificates and Keys”.
Important
If a client connecting to a MySQL server instance uses an SSL certificate with the
To prevent use of encryption and override other
To determine whether the current connection with the server uses encryption, check the session value of the
For the mysql client, an alternative is to use the
Or:
Configuring Encrypted Connections as Mandatory
For some MySQL deployments it may be not only desirable but mandatory to use encrypted connections (for example, to satisfy regulatory requirements). This section discusses configuration settings that enable you to do this. These levels of control are available:
To require that clients connect using encrypted connections, enable the
With
To invoke a client program such that it requires an encrypted connection whether or not the server requires encryption, use an
To configure a MySQL account to be usable only over encrypted connections, include a
For additional information about the
To modify existing accounts that have no encryption requirements, use the
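The server-side and client-side levels of control described in this section can be checked mechanically. The following is an added example, not part of the MySQL manual: it audits a my.cnf-style option file for settings that leave encryption optional. The helper name `audit_option_file` and the sample file are constructed for illustration; the option names (`require_secure_transport`, `ssl_ca`, `ssl_cert`, `ssl_key`, `ssl-mode`, `ssl-capath`) are MySQL 5.7 options that this scraped page does not spell out.

```python
import configparser

# Constructed sample option file (not from the page): certificate files are
# configured, but nothing makes encryption mandatory on either side.
SAMPLE_CNF = """
[mysqld]
ssl_ca=ca.pem
ssl-cert=server-cert.pem
ssl_key=server-key.pem

[client]
ssl-mode=PREFERRED
"""

def _section(parser, name):
    # MySQL treats '-' and '_' in option names as equivalent; normalise to '_'.
    if not parser.has_section(name):
        return {}
    return {k.replace("-", "_"): (v or "").strip() for k, v in parser.items(name)}

def audit_option_file(text):
    """Return findings about TLS enforcement in my.cnf-style text (hypothetical helper)."""
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None)
    parser.read_string(text)
    server, client = _section(parser, "mysqld"), _section(parser, "client")
    findings = []
    for var in ("ssl_ca", "ssl_cert", "ssl_key"):
        if not server.get(var):
            findings.append(f"[mysqld] {var} not set; server falls back to autodiscovery")
    # A bare boolean option (no value) means enabled, hence "" counts as ON.
    if server.get("require_secure_transport", "OFF").upper() not in ("", "ON", "1", "TRUE"):
        findings.append("[mysqld] require_secure_transport is not ON; "
                        "unencrypted client connections are accepted")
    mode = client.get("ssl_mode", "PREFERRED").upper()
    if mode in ("DISABLED", "PREFERRED"):
        findings.append(f"[client] ssl-mode={mode} permits an unencrypted connection")
    elif mode != "VERIFY_IDENTITY":
        findings.append(f"[client] ssl-mode={mode} does not verify the server host name")
    if mode.startswith("VERIFY") and not (client.get("ssl_ca") or client.get("ssl_capath")):
        findings.append("[client] VERIFY_* mode set without ssl-ca or ssl-capath")
    return findings

if __name__ == "__main__":
    for finding in audit_option_file(SAMPLE_CNF):
        print(finding)
```

The audit covers only the option file; per-account encryption requirements are stored in the server and have to be reviewed there.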