`default_authentication_plugin`

INFO

Rule IDs: sec_005

Overview

Purpose: Documented in the MySQL 8.4 manual as a server system variable (scope: Global). Purpose and semantics are described at the linked manual page.
Dynamic (MySQL 8.4 reference): MySQL 8.4 marks this variable as not dynamic (Dynamic = No). It must be set in my.cnf or on the command line; changing it requires a restart.
Default value: caching_sha2_password (MySQL 8.4)
Version and product notes: MariaDB and Percona Server may use different names, defaults, or dynamic behavior; verify their documentation.
Documentation: https://dev.mysql.com/doc/refman/8.4/en/server-system-variables.html#sysvar_default_authentication_plugin
Other vendors: MariaDB KB Percona Docs

What is checked

Rules that reference this variable, with their severity and what each rule detects:

INFO sec_005: Use caching_sha2_password (default in 8.0). mysql_native_password is disabled by default in MySQL 8.4.

Tuning guidance

Recommended actions:
- Use caching_sha2_password (default in 8.0). mysql_native_password is disabled by default in MySQL 8.4.
Trade-offs: Security settings protect against unauthorized access and data exposure. Tighter settings may require application changes (e.g., SSL certificates for require_secure_transport, IP-based grants for skip_name_resolve).

Example

Configure in my.cnf (or equivalent) or server startup options, then restart.

Generated from the MySQL Advisor documentation build. Dynamic Yes/No reflects the excerpt aligned with Oracle MySQL 8.4 reference material consumed by this project.