News for Admins
Tech News
MySQL 9.0 Released
The MySQL team has announced open source MySQL 9.0 (Innovation Release), along with the first update of the 8.4 LTS (8.4.1): https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-1.html.
MySQL 9.0 represents a major release with several important updates. For example, this release removes the mysql_native_password
authentication plugin. This plugin was previously deprecated but now has been removed altogether.
According to the 9.0 release notes (https://dev.mysql.com/doc/relnotes/mysql/9.0/en/news-9-0-0.html#mysqld-9-0-0-deprecation-removal): "The mysql_native_password authentication plugin, deprecated in MySQL 8.0, has been removed, and the server now rejects mysql_native authentication requests from older client programs which do not have CLIENT_PLUGIN_AUTH capability. For backward compatibility, mysql_native_password remains available on the client; the client-side built-in authentication plugin has been converted into a dynamically loadable plugin."
A recent blog post (https://blogs.oracle.com/mysql/post/mysql-90-its-time-to-abandon-the-weak-authentication-method) from MySQL Community Manager Frederic Descamps explains further, noting that the mysql_native_password
is considered weak compared to modern authentication methods because it:
- Uses the SHA-1 hashing algorithm, which is vulnerable to certain types of cryptographic attacks.
- Does not use salting when hashing passwords.
- Does not use multiple iterations of the hash function, which makes it
Buy this article as PDF
(incl. VAT)