Bug #66697 need ability to flush password validation dictionary file
Submitted: 4 Sep 2012 20:45 Modified: 29 Jun 2015 16:38
Reporter: Todd Farmer (OCA) Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version:5.6.6 OS:Any
Assigned to: CPU Architecture:Any

[4 Sep 2012 20:45] Todd Farmer
Manipulating the password verification plugin dictionary file has no impact on already-loaded plugin.  It seems that the file contents is cached, and that cache cannot be flushed short of restarting mysqld.

How to repeat:
Start mysqld with password verification plugin dictionary file specified, add words to dictionary file, note that passwords are still accepted which contain the newly-added words.

Suggested fix:

1.  Cache the last modified time from the dictionary file, check that against file system before using cache.
2.  Provide mechanism to manually flush cached dictionary file contents.
[20 Nov 2012 17:39] Paul Dubois
Added this to the validate_password_dictionary_file description:

Changes to the dictionary file while the server is running require a
restart for the server to recognize the changes.
[20 Nov 2012 17:40] Paul Dubois
Leaving bug report open in case developer intends to make it possible for the running server to re-read the dictionary file. (A good idea, IMO.)
[29 Jun 2015 16:38] Paul Dubois
Noted in 5.6.26, 5.7.8, 5.8.0 changelogs.

Previously, changes to the validate_password plugin dictionary file
(named by the validate_password_dictionary_file system variable)
while the server was running required a restart for the server to
recognize the changes. Now validate_password_dictionary_file can be
set at runtime and assigning a value causes the named file to be read
without a restart.
In addition, two new status variables are available.
validate_password_dictionary_file_last_parsed indicates when the
dictionary file was last read, and
validate_password_dictionary_file_words_count indicates how many
words it contains.