MySQL 5.7.9 has some additional security features that are at least useful for slamming your head against, if not actually improving your security.
- There’s a default password set for ‘root’ when first running the server. The password is not generated as a result of the installation as the documentation claims, but only when the server is actually started. Don’t go hunting for it until you’ve started the server.
- There’s a new default password security policy. The current setting can be viewed with this query:

      mysql> SHOW VARIABLES LIKE 'validate_password%';
      +--------------------------------------+--------+
      | Variable_name                        | Value  |
      +--------------------------------------+--------+
      | validate_password_dictionary_file    |        |
      | validate_password_length             | 8      |
      | validate_password_mixed_case_count   | 1      |
      | validate_password_number_count       | 1      |
      | validate_password_policy             | MEDIUM |
      | validate_password_special_char_count | 1      |
      +--------------------------------------+--------+
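
To see which rule a candidate password would break under the settings shown above, the following added example (not MySQL's own code) parses the `SHOW VARIABLES` table and applies the same checks. The function names `parse_variables` and `policy_failures` and the sample passwords are made up for illustration. It assumes the `validate_password` plugin semantics for the LOW and MEDIUM policies and does not model the dictionary-file check that STRONG adds.

```python
# Added example: constructed copy of the SHOW VARIABLES output from this page.
SAMPLE_OUTPUT = """\
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_dictionary_file    |        |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+
"""


def parse_variables(text):
    """Turn the mysql client's table output into a {name: value} dict."""
    settings = {}
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # skip the +-----+ border rows
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Variable_name":
            settings[cells[0]] = cells[1]
    return settings


def policy_failures(password, settings):
    """Return the names of the rules the candidate password breaks."""
    failures = []
    if len(password) < int(settings["validate_password_length"]):
        failures.append("length")
    # LOW (0) tests length only; MEDIUM and above add character classes.
    if settings["validate_password_policy"].upper() in ("0", "LOW"):
        return failures
    need_case = int(settings["validate_password_mixed_case_count"])
    lower = sum(c.islower() for c in password)
    upper = sum(c.isupper() for c in password)
    if lower < need_case or upper < need_case:
        failures.append("mixed_case")  # that many of EACH case are required
    if sum(c.isdigit() for c in password) < int(settings["validate_password_number_count"]):
        failures.append("number")
    special = sum(not c.isalnum() for c in password)
    if special < int(settings["validate_password_special_char_count"]):
        failures.append("special_char")
    return failures


if __name__ == "__main__":
    cfg = parse_variables(SAMPLE_OUTPUT)
    for candidate in ("password", "Abc1!", "Tr1cky-Pass"):  # constructed samples
        print(candidate, policy_failures(candidate, cfg) or "ok")
```
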