Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-9804

Implement a caching_sha256_password plugin

Details

    Description

      In MySQL 5.6 and 5.7, you have the option of using the SHA256 password algorithm. The current method (mysql_native_password) leverages SHA1 and this has been proven to be no longer as secure as one would expect today.

      Find out more here:

      UPDATE:
      https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/sha256-pluggable-authentication.html

      Attachments

        Issue Links

          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. MDEV-36382 mariadb支持caching_sha2_password

          • Major - Major loss of function.
          • Closed
          is part of

          Task - A task that needs to be done. MDEV-28906 MySQL 8.0 desired compatibility

          • Major - Major loss of function.
          • Open
          relates to

          Task - A task that needs to be done. CONC-229 SHA256 authentication plugin

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJ-327 Handle sha256_password plugin

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJS-76 Implement sha256_password support

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONJS-77 Implement caching_sha256_password support

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-12160 Modern alternative to the SHA1 authentication plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MXS-1325 Add sha256_password authenticator

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MXS-4270 ed25519 authentication support

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. ODBC-241 Add parameter that corresponds to MYSQL_SERVER_PUBLIC_KEY option from MariaDB Connector/C

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. CONC-312 Implement caching_sha2_password plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Task - A task that needs to be done. CONJ-663 Implement caching_sha2_password plugin

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            colin Colin Charles created issue -
            serg Sergei Golubchik made changes -
            Field Original Value New Value
            Summary FR: sha256_password plugin sha256_password plugin
            serg Sergei Golubchik made changes -
            Priority Major [ 3 ] Critical [ 2 ]
            serg Sergei Golubchik made changes -
            Fix Version/s 10.1 [ 16100 ]
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ]
            diego dupin Diego Dupin made changes -
            diego dupin Diego Dupin made changes -
            diego dupin Diego Dupin made changes -
            diego dupin Diego Dupin made changes -
            serg Sergei Golubchik made changes -
            Fix Version/s 10.2 [ 14601 ]
            Fix Version/s 10.1 [ 16100 ]
            georg Georg Richter made changes -
            serg Sergei Golubchik made changes -
            Priority Critical [ 2 ] Major [ 3 ]
            serg Sergei Golubchik made changes -
            Comment [ SHA256 in MySQL is still SHA1, it doesn't offer any better security on top of SHA1. ]
            serg Sergei Golubchik made changes -
            Priority Major [ 3 ] Minor [ 4 ]
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            serg Sergei Golubchik made changes -
            georg Georg Richter made changes -
            Assignee Sergei Golubchik [ serg ] Georg Richter [ georg ]
            markus makela markus makela made changes -
            ralf.gebhardt Ralf Gebhardt made changes -
            Component/s Authentication and Privilege System [ 13101 ]
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 74672 ] MariaDB v4 [ 130455 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Fix Version/s N/A [ 14700 ]
            Fix Version/s 10.2 [ 14601 ]
            Priority Minor [ 4 ] Major [ 3 ]
            greenman Ian Gilfillan made changes -
            Labels compat80
            monty Michael Widenius made changes -
            AirFocus AirFocus made changes -
            Description In MySQL 5.6 and 5.7, you have the option of using the SHA256 password algorithm. The current method (mysql_native_password) leverages SHA1 and this has been proven to be no longer as secure as one would expect today.

            Find out more here:
            * http://mysqlblog.fivefarmers.com/2015/08/31/protecting-mysql-passwords-with-sha256_password-plugin/
            * https://dev.mysql.com/doc/refman/5.7/en/sha256-authentication-plugin.html             		In MySQL 5.6 and 5.7, you have the option of using the SHA256 password algorithm. The current method (mysql_native_password) leverages SHA1 and this has been proven to be no longer as secure as one would expect today.

            Find out more here:

            * http://mysqlblog.fivefarmers.com/2015/08/31/protecting-mysql-passwords-with-sha256\_password\-plugin/
            * https://dev.mysql.com/doc/refman/5.7/en/sha256-authentication-plugin.html
            julien.fritsch Julien Fritsch made changes -
            Fix Version/s N/A [ 14700 ]
            serg Sergei Golubchik made changes -
            Assignee Georg Richter [ georg ] Sergei Golubchik [ serg ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Summary sha256_password plugin Implement a sha256_password / caching_sha256_password plugin
            ralf.gebhardt Ralf Gebhardt made changes -
            Fix Version/s 10.13 [ 28501 ]
            julien.fritsch Julien Fritsch made changes -
            Fix Version/s 11.1 [ 28549 ]
            julien.fritsch Julien Fritsch made changes -
            Fix Version/s 10.13 [ 28501 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Priority Major [ 3 ] Critical [ 2 ]
            serg Sergei Golubchik made changes -
            Priority Critical [ 2 ] Major [ 3 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            ralf.gebhardt Ralf Gebhardt made changes -
            Assignee Sergei Golubchik [ serg ] Stefan Schmit [ JIRAUSER52595 ]
            Status Open [ 1 ] Needs Feedback [ 10501 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Fix Version/s N/A [ 14700 ]
            Fix Version/s 11.1 [ 28549 ]
            Resolution Incomplete [ 4 ]
            Status Needs Feedback [ 10501 ] Closed [ 6 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Assignee Stefan Schmit [ JIRAUSER52595 ]
            Resolution Incomplete [ 4 ]
            Status Closed [ 6 ] Stalled [ 10000 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Status Stalled [ 10000 ] Open [ 1 ]
            mariadb-jira-automation Jira Automation (IT) made changes -
            Zendesk Related Tickets 105939 174215 154940
            ralf.gebhardt Ralf Gebhardt made changes -
            Issue Type Task [ 3 ] New Feature [ 2 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Fix Version/s 12.1 [ 29992 ]
            Fix Version/s N/A [ 14700 ]
            julien.fritsch Julien Fritsch made changes -
            Assignee Sergei Golubchik [ serg ]
            serg Sergei Golubchik made changes -
            Priority Major [ 3 ] Critical [ 2 ]
            ParadoxV5 Jimmy Hú made changes -
            ralf.gebhardt Ralf Gebhardt made changes -
            Summary Implement a sha256_password / caching_sha256_password plugin Implement a caching_sha256_password plugin
            ralf.gebhardt Ralf Gebhardt made changes -
            Description In MySQL 5.6 and 5.7, you have the option of using the SHA256 password algorithm. The current method (mysql_native_password) leverages SHA1 and this has been proven to be no longer as secure as one would expect today.

            Find out more here:

            * http://mysqlblog.fivefarmers.com/2015/08/31/protecting-mysql-passwords-with-sha256\_password\-plugin/
            * https://dev.mysql.com/doc/refman/5.7/en/sha256-authentication-plugin.html             		In MySQL 5.6 and 5.7, you have the option of using the SHA256 password algorithm. The current method (mysql_native_password) leverages SHA1 and this has been proven to be no longer as secure as one would expect today.

            Find out more here:

            * http://mysqlblog.fivefarmers.com/2015/08/31/protecting-mysql-passwords-with-sha256\_password\-plugin/
            * https://dev.mysql.com/doc/refman/5.7/en/sha256-authentication-plugin.html

            *UPDATE*:
            https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/sha256-pluggable-authentication.html

            People

              serg Sergei Golubchik
              colin Colin Charles
              Votes:
              11 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.