MySQL default authentication plugin issue MySQL 缺省身份验证插件问题
It is possible to connect to a MySQL 8 Database using Joomla 
, however it requires a customisation on the MySQL 8 installation configuration. The reason is that MySQL 8 has a lot of low-level changes including the default authentication plugin changing to sha256_password from mysql_native_password. The native PHP MySQL-Driver doesn't currently support MySQL 8 with this plugin. PHP 7.3 (alpha) is supporting MySQL 8 though.
可以使用 Joomla 连接到 MySQL 8数据库,但是需要对 MySQL 8的安装配置进行定制。原因是 MySQL 8有很多低层次的改变,包括默认的身份验证插件从 MySQL _ native _ password 改为 sha256_password。原生 PHP MySQL-Driver 目前不支持 MySQL 8。
PHP 7.3(alpha)支持 MySQL 8。
MySQL configuration change to get Joomla working with MySQL 8
改变 MySQL 配置使 Joomla 能够使用 MySQL 8
If you edit the configuration file for MySQL 8, you can change the default authentication plugin for MySQL to use the older mysql_native_password. Open your configuration file sudo nano /etc/my.cnf (Please note that your file may be under a different directory) and add the following configuration:
如果你编辑 MySQL 8的配置文件,你可以修改 MySQL 的默认认证插件来使用旧的 MySQL _ native _ password。打开你的配置文件 sudo nano/etc/my.cn f (请注意你的文件可能在不同的目录下) ,并添加以下配置:
[mysqld]
default-authentication-plugin=mysql_native_password
If you don't have access to your config file then you can update your user as follows:
如果你不能访问你的配置文件,你可以更新你的用户如下:
ALTER USER 'username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Replace username with the name of the user account and password with the password belonging to the account. Restart MySQL and you are done ...well, only if you have Joomla 3.8 or 3.9 installed.
将用户名替换为用户帐户的名称,并将密码替换为属于该帐户的密码。重新启动 MySQL,你就完成了... ... 只要你安装了 Joomla 3.8或3.9。
How MySQL default authentication plugin works
MySQL 默认认证插件是如何工作的
The advantage of mysql_native_password is that it supports the challenge-response mechanism which is very quick and does not require encrypted connection. However, mysql_native_password relies on SHA1 algorithm and NIST has recommended to stop using it.
Mysql _ native _ password 的优点是它支持非常快速且不需要加密连接的挑战-响应机制。然而,mysql 原生密码依赖于 sha1算法,NIST 建议停止使用它。
Further, if two user accounts use the same password, mysql_native_password transformation is the same in the mysql.user table. Although the hash does not expose information about the actual password, it still tells which two users use the same password. To avoid that, a salt should be used. A salt is basically a random number that is used as one of the parameters to cryptographic hash functions used to transform user passwords. Since a salt is random and different for each execution, even if two users use the same passwords, the end result of transformation would look very different. Since MySQL 5.6, sha256_password authentication plugin is supported. It uses multiple rounds of SHA256 hash on a salted password to make sure that the hash transformation is more secure. However, it requires either encrypted connections or support for an RSA key pair. So, while password security is stronger, secure connections and multiple rounds of hash transformations require more time in the authentication process.
此外,如果两个用户帐户使用相同的密码,则 mysql_native _ password 转换在 mysql.user 表中是相同的。尽管散列不会公开有关实际密码的信息,但它仍然会告诉哪两个用户使用相同的密码。为了避免这种情况,应该使用盐。Salt 基本上是一个随机数,用作用于转换用户密码的加密哈希函数的参数之一。由于 salt 是随机的,每次执行都是不同的,即使两个用户使用相同的密码,转换的最终结果也会非常不同。自 MySQL 5.6以来,支持 sha256password 身份验证插件。它在加盐的密码上使用多轮 sha256散列,以确保散列转换更加安全。但是,它要求加密连接或支持 RSA 密钥对。因此,尽管密码安全性更强,但安全连接和多轮散列转换需要更多的时间进行身份验证。
caching_sha2_password tries to combine the best of both worlds. [1]
Caching _ sha2 _ password 试图将两者的优点结合起来
