AWS AmazonRDS documentation change
Summary
Added documentation on creating users with the caching_sha2_password authentication plugin in Aurora MySQL 3, despite the default remaining mysql_native_password.
Security assessment
The change documents how to use a more secure authentication plugin (caching_sha2_password) for new users, improving security practices. However, there is no evidence of addressing a specific security vulnerability in the diff.
Diff
diff --git a/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md b/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md index fbf23f2b5..976e1d152 100644 --- a//AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md +++ b//AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md @@ -253 +253,5 @@ For more information on binlog replication, see [Replication between Aurora and -In community MySQL 8.0, the default authentication plugin is `caching_sha2_password`. Aurora MySQL version 3 still uses the `mysql_native_password` plugin. You can't change the `default_authentication_plugin` setting. +In community MySQL 8.0, the default authentication plugin is `caching_sha2_password`. Aurora MySQL version 3 still uses the `mysql_native_password` plugin. You can't change the `default_authentication_plugin` setting. You can, however, create new users and alter current users, and their individual passwords use the new authentication plugin. Following is an example. + + + mysql> CREATE USER 'testnewsha'@'%' IDENTIFIED WITH caching_sha2_password BY 'aNewShaPassword'; + Query OK, 0 rows affected (0.74 sec)