boostorg / mysql

MySQL C++ client based on Boost.Asio
https://www.boost.org/doc/libs/master/libs/mysql
Boost Software License 1.0

caching_sha2_password should not require SSL #313

Open anarthal opened 2 months ago

anarthal commented 2 months ago

We can request the server's public key and encrypt the password with it instead of failing the operation. This requires a significant refactor in the handshake code.
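As an added illustration of the flow proposed in the comment above (not code from Boost.MySQL or from any participant in this thread): the client-side decision after the server's AuthMoreData byte, and the password obfuscation that precedes RSA encryption. The function and enum names are hypothetical; the status bytes and the XOR-with-nonce step follow the MySQL protocol, and the RSA-OAEP encryption itself is assumed to be done by a crypto library.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Status bytes exchanged during caching_sha2_password (MySQL protocol values).
constexpr std::uint8_t request_public_key = 0x02;  // client -> server
constexpr std::uint8_t fast_auth_success = 0x03;   // server -> client
constexpr std::uint8_t perform_full_auth = 0x04;   // server -> client

// Hypothetical names: the client's next move after an AuthMoreData status byte.
enum class next_step { wait_for_ok, send_plain_password, send_key_request,
                       encrypt_with_pinned_key, protocol_error };

next_step on_auth_more_data(std::uint8_t status, bool transport_is_secure, bool have_pinned_key)
{
    if (status == fast_auth_success) return next_step::wait_for_ok;  // cache hit, no password sent
    if (status != perform_full_auth) return next_step::protocol_error;
    if (transport_is_secure) return next_step::send_plain_password;  // e.g. TLS protects it
    // Plaintext transport: the password must be RSA-encrypted. A key fetched
    // in-band is unauthenticated, so a key provisioned out of band is preferred.
    return have_pinned_key ? next_step::encrypt_with_pinned_key : next_step::send_key_request;
}

// Builds the RSA plaintext: the NUL-terminated password XORed with the
// handshake nonce, repeating the nonce cyclically. The result is then
// encrypted with the server's public key using RSA-OAEP by a crypto library.
std::vector<std::uint8_t> obfuscate_password(const std::string& password,
                                             const std::vector<std::uint8_t>& nonce)
{
    if (nonce.empty()) throw std::invalid_argument("empty nonce");
    std::vector<std::uint8_t> out(password.begin(), password.end());
    out.push_back(0);  // the terminator is part of the plaintext
    for (std::size_t i = 0; i < out.size(); ++i) out[i] ^= nonce[i % nonce.size()];
    return out;
}

// The single byte the client sends to ask for the server's PEM public key.
std::vector<std::uint8_t> key_request_packet_body() { return {request_public_key}; }
```
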

vlaben commented 2 months ago

My game server sending data to database via DLL would benefit from this improvement :) (the game server and the MySQL server run on the same machine).

An encrypted connection on a local network would be overkill IMHO - an unencrypted connection established using an RSA key pair for password exchange would satisfy caching_sha2_password requirements (win - TCP/IP).

Right now, we still have the option to use mysql_native_password, even after the changes in 8.4. However, this option is deprecated.

In other words - implementing this enhancement would be a great solution in a local network client-server scenario, where the default authentication plugin is used, but an unencrypted connection is preferred.

One more important thing - Thank you sir for all your work. 🥇 I really appreciate the library!

anarthal commented 2 months ago

Thanks.

It's actually removed in 9.0, which is causing terrible pain in CIs.

I agree that'd be useful in your case, but if you're doing Windows specific stuff, you'll find named pipes (#89) faster. Which I should code someday, too :)

anarthal commented 2 months ago

Anyway, thanks for pointing out your need - I need more users like you :)