Question: Insecure authentication plugin (mysql_native_password)

[engemil]

In the documentation you recommend the use of mysql_native_password authentication plugin:

Warning : if you use a MySQL database, make sure to use the mysql_native_password authentication plugin, either by using the --default-authentication-plugin option when starting mysql, or by running a query to enable the authentication plugin for the invoiceshelf user, e.g. :

alter user 'invoiceshelf' identified with mysql_native_password by '<your password>';

On the other hand, MariaDB reports this solution to be unsafe (https://mariadb.com/kb/en/authentication-plugin-mysql_native_password/).

Is the solution dependent on using this plugin, or is there flexibility?

[gdarko]

Hey @engemil - The documentation is being updated. This will be corrected.

The recommended way nowadays is to run it with one of the docker-compose variants. (docker-compose.{mysql|sqlite|pgsql}.yml)

See here for more details: https://github.com/InvoiceShelf/docker?tab=readme-ov-file#run-with-docker-compose