Joomla and MySQL 8

From Joomla! Documentation


MySQL default authentication plugin issue

It is not possible to connect to a MySQL 8 database using Joomla 3.8, 3.9 or 4.0. The reason is that MySQL 8 has a lot of changes under the hood. One change that affects Joomla is the default authentication plugin, which is sha256_password instead of mysql_native_password. The native PHP MySQL driver does not support MySQL 8 with this plugin yet, and other programming languages like Go or Perl are struggling too. PHP 7.3 (alpha) does support MySQL 8, though.

Workaround to get Joomla working with MySQL 8

Fortunately there is a workaround! We can use mysql_native_password as the default authentication plugin for MySQL. Open the configuration file with sudo nano /etc/my.cnf (please note that your file may be under a different directory) and add the following configuration:

[mysqld]
default-authentication-plugin=mysql_native_password

If you don't have access to your config file then you can update your user as follows:

ALTER USER 'username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

Replace username with the name of the user account and password with the password belonging to the account. Restart MySQL and you are done, but only if you have Joomla 3.8 or 3.9 installed.

If you want to work with Joomla 4.0 you have to do some extra work, because the administration dashboard is blank after the installation with Joomla 4.0 and MySQL 8.

Fortunately there is a fix for that too! MySQL 8 returns Incorrect date value: '0000-00-00' after running the following insertion from the installation file /installation/sql/mysql/joomla.sql.

The following query must be run to fix this. Replace #_ with your table prefix.

UPDATE `#__modules` SET `checked_out_time` = '1000-01-01 00:00:00', `publish_up` = '1000-01-01 00:00:00', `publish_down` = '1000-01-01 00:00:00';

This happens because, since MySQL 5.7, MySQL no longer supports zero values in date / datetime columns.

How MySQL default authentication plugin works

The advantage of mysql_native_password is that it supports a challenge-response mechanism which is very quick and does not require an encrypted connection. However, mysql_native_password relies on the SHA1 algorithm, and NIST has suggested to stop using it.

Further, if two user accounts use the same password, the mysql_native_password transformation is the same in the mysql.user table. Although the hash does not expose information about the actual password, it still tells which two users use the same password. To avoid that, a salt should be used. A salt is basically a random number that is used as one of the inputs to the cryptographic hash functions used to transform user passwords. Since the salt is random and different for each execution, even if two users use the same password, the end result of the transformation would look very different.

Since MySQL 5.6, the sha256_password authentication plugin is supported. It uses multiple rounds of SHA256 hashing on a salted password to make sure that the hash transformation is more secure. However, it requires either encrypted connections or support for an RSA key pair. So, while password security is stronger, secure connections and multiple rounds of hash transformations require more time in the authentication process.
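The unsalted stored hash and the challenge-response exchange described above, as an added example that is not part of the original page or of MySQL's own code. The account names and passwords are constructed, and salted_hash uses PBKDF2-HMAC-SHA256 as a stand-in for a salted multi-round scheme, not sha256_password's actual storage format.

```python
import hashlib
import hmac
import os
from collections import defaultdict

def native_hash(password: str) -> str:
    """mysql_native_password stored form: '*' + HEX(SHA1(SHA1(password))). No salt."""
    stage1 = hashlib.sha1(password.encode()).digest()
    return "*" + hashlib.sha1(stage1).hexdigest().upper()

def client_scramble(password: str, nonce: bytes) -> bytes:
    """Client reply: SHA1(password) XOR SHA1(nonce + SHA1(SHA1(password)))."""
    stage1 = hashlib.sha1(password.encode()).digest()
    stage2 = hashlib.sha1(stage1).digest()
    mask = hashlib.sha1(nonce + stage2).digest()
    return bytes(a ^ b for a, b in zip(stage1, mask))

def server_verify(stored: str, nonce: bytes, reply: bytes) -> bool:
    """Server undoes the XOR to get SHA1(password), re-hashes it, compares to the stored value."""
    stage2 = bytes.fromhex(stored[1:])
    mask = hashlib.sha1(nonce + stage2).digest()
    stage1 = bytes(a ^ b for a, b in zip(reply, mask))
    return hmac.compare_digest(hashlib.sha1(stage1).digest(), stage2)

def salted_hash(password: str, salt: bytes, rounds: int = 5000) -> str:
    """Stand-in salted, multi-round hash (assumption: PBKDF2, not MySQL's format)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def shared_hashes(rows):
    """Audit helper: group accounts whose stored hash is identical (groups of 2+ only)."""
    groups = defaultdict(list)
    for account, stored in rows:
        groups[stored].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts and passwords, for illustration only.
ACCOUNTS = [("joomla@localhost", "s3cret-A"),
            ("backup@localhost", "s3cret-A"),
            ("report@localhost", "s3cret-B")]

if __name__ == "__main__":
    native = [(acct, native_hash(pw)) for acct, pw in ACCOUNTS]
    salted = [(acct, salted_hash(pw, os.urandom(16))) for acct, pw in ACCOUNTS]
    print("unsalted, accounts sharing a hash:", shared_hashes(native))
    print("salted, accounts sharing a hash:  ", shared_hashes(salted))
    nonce = os.urandom(20)  # the server sends a fresh 20-byte nonce per connection
    reply = client_scramble("s3cret-A", nonce)
    print("handshake accepted:", server_verify(native[0][1], nonce, reply))
```

Run against the authentication_string column of accounts that use mysql_native_password, shared_hashes shows which accounts need distinct passwords before or after applying the workaround.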

caching_sha2_password tries to combine the best of both worlds. [1]

  1. https://mysqlserverteam.com/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password/