MySQL 8.0 to MySQL 8.4

MySQL 8.4 will be released soon for DBOD users. A significant change in the new version is that the mysql_native_password plugin is by default disabled, which means that if the plugin not explicitly enabled, connections with this specific plugin will fail. mysql_native_password is an INSECURE authentication plugin and users should opt to use caching_sha2_password.

You can update the plugin for a user executing the following (replace admin with the user name you want to change and password by your desired password):

ALTER USER 'admin' IDENTIFIED WITH 'caching_sha2_password' BY 'password';

You can check the users and their plugins in your MySQL instance by executing:

SELECT user,plugin from mysql.user;

If for some reason it is not possible to migrate to caching_sha2_password before the upgrade, you should modify the my.cnf configuration file through the DBOD web interface and add the following line, then restart your instance:

mysql_native_password=ON

Configuration file changes

To pass the upgrade checker test and be able to enable the upgrade from your instance you may also need to edit my.cnf and remove the line with

default_authentication_policy = mysql_native_password

Additionally, most of our users use a set of ssl_ciphers that are blocked in the new release:

ssl_cipher=DHE-RSA-AES256-SHA:AES128-SHA

Unless you have a specific reason to set this variable to a specific cipher, you should opt to not use it.

Reasoning for changing to caching_sha2_password

The mysql_native_password plugin will be removed in a future release, and MySQL developers are actively trying to discourage users from using mysql_native_password therefore users are encouraged to upgrade their passwords to the recommended plugin: caching_sha2_password.

mysql_native_password is using MD5 based hashes, which are very well known to be vulnerable to collisions and are easy to crack. caching_sha2_password on the other hand uses SHA2 hashes, that are more secure.