maria-discuss team mailing list archive

Thread
Date

Re: Password Complexity Plugin

To: Sergei Golubchik <serg@xxxxxxxxxxx>
From: Adam Scott <adam.c.scott@xxxxxxxxx>
Date: Fri, 1 May 2015 15:53:59 -0600
Cc: "maria-discuss@xxxxxxxxxxxxxxxxxxx" <maria-discuss@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20150430083846.GB26835@meddwl.fritz.box>

Thank you Sergei.  I kind of expected that.  Was hoping though to get it in
upstream for our environment (one can dream!).  Colin wanted to know if I
got it backported, so I did.

I'll chalk it up to a good exercise :)  It would be nice to get us to
MariaDB 10 but we have a big commitment to 5.5 right now.

So in this exercise.. : 1) Navigate source code and repos in Git and Bazaar
2) Setup eclipse and cmake to navigate and build MariaDB  (I found cscope
to be really a powerful tool for getting around code and preferred it over
eclipse many times)  3) used gdb to attach and examine values  4) Debug
yacc 5) run mysql-test

Thank again,
Adam

On Thu, Apr 30, 2015 at 2:38 AM, Sergei Golubchik <serg@xxxxxxxxxxx> wrote:

> Hi, Adam!
>
> On Apr 27, Adam Scott wrote:
> > It's taken some time, but I have backported the simple_password_check
> > plugin and the password api to MariaDB 5.5  The mysql-test is
> > succeeding on all but the test of the strict_password_validation
> > variable.
> >
> > My question is, should a pure backport include support for
> > strict_password_validation variable (
> >
> https://mariadb.com/kb/en/mariadb/server-system-variables/#strict_password_validation
> )
> > ?  I suspect yes, but wanted to ask to start a further discussion:
> namely
> > if I submit this patch will it be included in future MariaDB 5.5
> releases?
>
> I believe it's unlikely. If we wanted this feature in 5.5, it would've
> been implemented in 5.5 in the first place.
>
> But 5.5 is already GA, it was GA for quite a while. We don't add new
> feature to GA versions, that's why password validation was added to
> 10.1.
>
> I think that if you'll keep your own version of 5.5 + password
> validation and use that in your environment - it should not require much
> efforts to maintain. 5.5 code base is very stable at the moment, changes
> are few and sql_acl.cc almost doesn't change at all. And then you can
> skip 10.0 and upgrade directly to 10.1 one day :)
>
> Regards,
> Sergei
>
>

References

Password Complexity Plugin
From: Adam Scott, 2015-01-22
Re: Password Complexity Plugin
From: Colin Charles, 2015-01-22
Re: Password Complexity Plugin
From: Adam Scott, 2015-01-22
Re: Password Complexity Plugin
From: Colin Charles, 2015-01-22
Re: Password Complexity Plugin
From: Adam Scott, 2015-04-27
Re: Password Complexity Plugin
From: Sergei Golubchik, 2015-04-30