
Securing MySQL v8

MySQL version 8.x changes a few things in the name of security. The program “mysql_secure_installation” is a good start; however, on a stock, out-of-the-box installation of MySQL v8.x, this program enters a loop that you cannot exit. So sad.

The caching_sha2_password and sha256_password authentication plugins provide more secure password encryption than the mysql_native_password plugin, and caching_sha2_password provides better performance than sha256_password. Due to these superior security and performance characteristics of caching_sha2_password, it is as of MySQL 8.0 the preferred authentication plugin, and is also the default authentication plugin rather than mysql_native_password. This change affects both the server and the libmysqlclient client library.

Before you run this program, you will need to change the root MySQL account to use the MySQL native password system.

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'mynewpassword';

Now you can run it with this command line:

sudo mysql_secure_installation -p

Afterwards you can change it back using this SQL command:

ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password by 'mynewpassword';
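To confirm the end state after switching root back, the read-only queries below check the account plugins and the items mysql_secure_installation is meant to clean up. This is an added example, not part of the original post or the linked sources; it assumes you are connected as root in the mysql client with the default sql_mode.

```sql
-- 1. root should report caching_sha2_password again after the final ALTER USER.
SELECT user, host, plugin
FROM mysql.user
WHERE user = 'root';

-- 2. Any account still on the weaker plugin. After the steps above this
--    should not include 'root'@'localhost'; other rows are accounts that
--    were created with, or left on, mysql_native_password.
SELECT user, host, plugin
FROM mysql.user
WHERE plugin = 'mysql_native_password';

-- 3. Anonymous accounts (empty user name). Expect zero rows once
--    mysql_secure_installation has removed them.
SELECT user, host
FROM mysql.user
WHERE user = '';

-- 4. root reachable from anything other than the local machine.
--    Expect zero rows if remote root login was disallowed.
SELECT user, host
FROM mysql.user
WHERE user = 'root'
  AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- 5. The test database and any leftover privileges on it.
--    Expect zero rows from both queries if it was removed.
SELECT schema_name
FROM information_schema.schemata
WHERE schema_name = 'test';

SELECT user, host, db
FROM mysql.db
WHERE db = 'test' OR db LIKE 'test\\_%';
```

Rows returned by queries 3 to 5 mean the corresponding prompt in mysql_secure_installation was answered "no" or the run did not complete.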

source: https://stackoverflow.com/a/72287858
source: https://dev.mysql.com/doc/refman/8.0/en/upgrading-from-previous-series.html#upgrade-caching-sha2-password

This post is licensed under CC BY 4.0 by the author.