MySQL8.0已經發布GA版,當前最新GA版本為8.0.12。雖然相對於之前版本,MySQL8.0沒有加入新元素,但是,經過代碼重構,MySQL8.0的優化器更加強大,同時也有一些新特性,如支持索引隱藏等。
但是,MySQL新版本中也有很多與先前版本不一樣的地方,比如在用戶創建上就有很多變化。
1. 用戶創建
創建用戶的操作已經不支持grant的同時創建用戶的方式,需先創建用戶再進行授權
mysql> grant all on *.* to 'admin'@'%' identified by 'admin123'; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'identified by 'admin123'' at line 1 mysql> create user 'admin'@'%' identified by 'admin123'; Query OK, 0 rows affected (0.06 sec) mysql> grant all on *.* to 'admin'@'%' ; Query OK, 0 rows affected (0.04 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec)
2. 用戶登錄1
當用戶密碼含有字母或數字外的特殊符號登錄時,原先使用雙引號或單引號都可以登錄,但在mysql8.0登錄時遇到問題,如下
[root@gjc18 lib]# /usr/local/mysql8.0/bin/mysql -uroot -p"root!@#123" --socket=/data/mysql/mysql3310/tmp/mysql3310.sock -bash: !@#123": event not found [root@gjc18 lib]# /usr/local/mysql8.0/bin/mysql -uroot -p'root!@#123' --socket=/data/mysql/mysql3310/tmp/mysql3310.sock mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 22 Server version: 8.0.12 MySQL Community Server - GPL
3.低版本客戶端登錄異常
錯誤號碼 2058:Plugin caching_sha2_password could not be loaded
出現這個原因是mysql8.0 之前的版本中加密規則是mysql_native_password,而在mysql8之后,加密規則是caching_sha2_password, 解決此問題方法有兩種,一種是升級客戶端驅動,一種是把mysql用戶登錄密碼加密規則還原成mysql_native_password。
如果修改用戶密碼加密規則可使用如下方式:
1). 修改加密方式:
-- 修改密碼為用不過期 mysql> ALTER USER 'root'@'%' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER; Query OK, 0 rows affected (0.02 sec) -- 修改密碼並指定加密規則為mysql_native_password mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456'; Query OK, 0 rows affected (0.01 sec) -- 刷新權限 mysql> flush privileges; Query OK, 0 rows affected (0.01 sec) mysql>
修改完畢后再次登錄即可成功
2).使用高版本客戶端
linux低版本客戶端登錄時也會出現此情況,因此需使用高版本的客戶端
[root@gjc18 lib]# mysql -uroot -p'123456' --socket=/data/mysql/mysql3310/tmp/mysql3310.sock mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/local/mysql/lib/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory [root@gjc18 lib]# /usr/local/mysql8.0/bin/mysql -uroot -p'123456' --socket=/data/mysql/mysql3310/tmp/mysql3310.sock mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 26 Server version: 8.0.12 MySQL Community Server - GPL Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
除了密碼插件調整外,MySQL8.0其他幾個主要的新密碼策略有:
- 支持密碼過期策略,需要周期性修改密碼
- 增加歷史密碼校驗機制,防止近幾次的密碼相同(次數可以配置)
- 修改密碼是需要驗證舊密碼,防止被篡改風險
- 支持雙密碼機制,即新密碼與修改前的舊密碼同時可以使用,且可以選擇采用主密碼還是第二個密碼
- 增加密碼強度約束,避免使用弱密碼
耿小廚已開通個人微信公眾號,想進一步溝通或想了解其他文章的同學可以關注我
