Authentication in MariaDB 10.4 — Understanding the Changes

MariaDB Server 10.4 came with a whole lot of Security related changes. Some of them are merely optimizations (like MDEV-15649), some improve existing features to be more robust (MDEV-15473, MDEV-7598) or convenient (MDEV-12835, MDEV-16266). Some are MySQL compatibility features, requested by our users (MDEV-7597, MDEV-13095).

But the first thing any MariaDB Server user, whether an experienced veteran or a newbie, does — before even issuing the first SQL statement — is logging in. Authenticating to the database server. Read more

Who are you? The history of MySQL and MariaDB authentication protocols from 1997 to 2017

MySQL 3.20 to 4.0

In the good old days, when 32MB of RAM justified the name my-huge.cnf, when nobody knew Google and Facebook didn’t even exist, security was… how do I put it… kind of cute. Computer viruses didn’t steal millions and didn’t disrupt elections — they played Yankee Doodle or told you not to play with the PC. People used telnet and ftp, although some security conscious admins already knew ssh.

Somewhere around this time, give or take a few years, MySQL was born. And it had users, who had to be kept away from seeing others’ data, but allowed to use their own. Read more