6.1.2.2 Administrator Guidelines for Password Security

Database administrators should use the following guidelines to keep passwords secure.

MySQL stores passwords for user accounts in the mysql.user system table. Access to this table should never be granted to any nonadministrative accounts.

Account passwords can be expired so that users must reset them. See Section 6.2.15, “Password Management”, and Section 6.2.16, “Server Handling of Expired Passwords”.

The validate_password plugin can be used to enforce a policy on acceptable passwords. See Section 6.4.3, “The Password Validation Component”.

A user who has access to modify the plugin directory (the value of the plugin_dir system variable) or the my.cnf file that specifies the plugin directory location can replace plugins and modify the capabilities provided by plugins, including authentication plugins.

Files such as log files to which passwords might be written should be protected. See Section 6.1.2.3, “Passwords and Logging”.
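
One way to check the plugin directory and option file guideline above on a host. This is an added example, not part of the MySQL manual or MySQL's own tooling; the function name audit_path, the paths, and the expected owner (root) are assumptions to adjust for your installation.

```sh
#!/bin/sh
# Added example, not MySQL's own tooling. Flags entries under a plugin
# directory or option file that someone other than the intended owner
# could replace or modify.

# audit_path PATH OWNER
#   PATH  : plugin directory or option file to inspect
#   OWNER : account (name or numeric uid) that should own every entry
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_path() {
    path=$1
    owner=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # -H resolves PATH itself if it is a symlink (my.cnf often is).
    # -maxdepth 1 covers the directory and the plugin files directly in it.
    findings=$(
        find -H "$path" -maxdepth 1 ! -user "$owner" \
            -exec echo "OWNER   " {} \;
        # Group- or world-writable: a non-owner can overwrite the file,
        # or add and rename entries if it is the directory.
        find -H "$path" -maxdepth 1 ! -type l \
            \( -perm -020 -o -perm -002 \) \
            -exec echo "WRITABLE" {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Typical call (paths and owner are assumptions for this sketch):
#   audit_path "$(mysql -NBe 'SELECT @@plugin_dir')" root
#   audit_path /etc/my.cnf root
```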