Support for *sha_* password plugins

[geekgogie]

Hi Rene and Team,

First, thanks for doing a great job with ProxySQL.

Just wanted to ask and clarify on when can do we expect support for sha_ (e.g. sha256_password and caching_sha2_password) password plugins. I know it's documented here https://github.com/sysown/proxysql/wiki/MySQL-8.0 and you guys might be very busy atm but wondering if there's any timeline for the plugin support. That would be really great to know.

Thanks Rene and Team.

[GabrieleCalarota]

Following!

[renecannao]

Closing this, as proxysql supports sha256_password and caching_sha2_password for backend authentication

[GabrieleCalarota]

Which version? I have updated proxy_sql ProxySQL version 2.0.1-4-gac2e710, codename Truls
And I'm still receiving this error

ERROR 2059 (HY000): Plugin caching_sha2_password could not be loaded: lib/mariadb/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory

[GabrieleCalarota]

@renecannao What about updating proxysql? No mention in the documentation...I have ubuntu 20, ProxySQL version 2.0.1-4-gac2e710, codename Truls and running update on apt does not catch any newer version

[pondix]

hi @GabrieleCalarota

I just saw this one now, writing mostly in case someone stumbles across this in future.

ProxySQL releases or major versions (i.e. going from 1.4 --> 2.0 or 2.0 --> 2.1) always go into a separate repository, you will notice that this version is INCLUDED in the repository strings:

• deb https://repo.proxysql.com/ProxySQL/proxysql-1.4.x/bionic
• deb https://repo.proxysql.com/ProxySQL/proxysql-2.0.x/bionic
• deb https://repo.proxysql.com/ProxySQL/proxysql-2.1.x/bionic

The reason is that patches (i.e. 2.1.0 to 2.1.1) should occur automatically while release or major upgrades should be done manually with a very conscious decision by adding the relative repository (this was in fact suggested and requested by the community). Although this is mentioned in the docs we'll definitely need to make it more clear.

Hope this sheds light into your issue!

[jdanilson]

Support for sha2 using a clear text password is not acceptable to our security officers. We must have a method to hash the password in such a way that we don't need nor store the clear text password. Is there plans on the drawing board to make this change to proxysql. I will note that the most recent release of mysql (8.0.34) introduces a spam message in the log that native support is deprecated; this might indicate that removal of native password support is getting closer.

[renecannao]

Work in progress ...

[aniljoshi1989]

@renecannao Do we have any update on this feature implementation (caching_cha2_password) or some way to hash the password that might be introduced in future versions?

[renecannao]

Hi @aniljoshi1989 .
It is still a work in progress.
The future is almost ready, but we are working on several features at the current time.