MySQL Forums
Forum List  »  Security

Re: mysql_native_password deprecation plans
Posted by: Georgi Kodinov
Date: October 10, 2024 12:58AM

Hello,

It's just like the deprecation message says: it's been deprecated and is to be removed in a future version. In fact, check what MySQL 9.0 Innovation release notes (https://dev.mysql.com/doc/relnotes/mysql/9.0/en/news-9-0-0.html#mysqld-9-0-0-deprecation-removal) say:

The mysql_native_password authentication plugin, deprecated in MySQL 8.0, has been removed, and the server now rejects mysql_native authentication requests from older client programs which do not have CLIENT_PLUGIN_AUTH capability. For backward compatibility, mysql_native_password remains available on the client; the client-side built-in authentication plugin has been converted into a dynamically loadable plugin


mysql_native uses weak hashes (SHA-1) and doesn't "salt" (add randomness) to these. It's time for it to go.

Georgi "Joro" Kodinov
MySQL SrvGen team lead
Plovdiv, Bulgaria

Options: ReplyQuote


Subject
Views
Written By
Posted
162
October 09, 2024 08:05AM
Re: mysql_native_password deprecation plans
115
October 10, 2024 12:58AM


This forum is currently read only. You can not log in or make any changes. This is a temporary situation.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.