You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Authentication plugin: The default_authentication_plugin setting is commented out in my.ini, which may result in less secure legacy authentication being used
Exposed configuration: Sensitive server configuration including paths and security settings are stored in plain text
⚡ Recommended focus areas for review
Security Risk The initialization script uses --initialize-insecure flag which creates the root account without password protection
Security Risk Root password is explicitly set to empty string, leaving database vulnerable to unauthorized access
Configuration Concern Important security settings like default_authentication_plugin are commented out, which may affect authentication security
Initialize MySQL with secure password generation instead of an insecure blank password
The --initialize-insecure flag creates a root user without a password, which is a security risk. Use --initialize instead to generate a secure random root password.
Why: Using --initialize-insecure creates a significant security vulnerability by setting up MySQL with no root password. Switching to --initialize is crucial for security as it generates a random root password.
9
Avoid using empty passwords for root database users
Setting an empty root password creates a significant security vulnerability. Set a strong default password or require one during initialization.
Why: Empty root passwords pose a severe security risk, making the database vulnerable to unauthorized access. Using a placeholder for a required password is a critical security improvement.
9
Enable explicit secure authentication plugin instead of relying on defaults
Enable the default authentication plugin setting to use mysql_native_password for better security and compatibility.
Why: Explicitly setting mysql_native_password as the authentication plugin enhances security and ensures consistent authentication behavior across different MySQL versions.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Type
enhancement, configuration changes
Description
bearsampp.conf,my.ini, andmy.ini.ber.build.propertiesto reflect the new bundle release version 2024.12.1.releases.propertieswith the release details for MySQL 9.1.0.Changes walkthrough 📝
init.bat
Add MySQL 9.1.0 initialization batch scriptbin/mysql9.1.0/init.bat
bearsampp.conf
Add MySQL 9.1.0 configuration filebin/mysql9.1.0/bearsampp.conf
my.ini
Add MySQL 9.1.0 my.ini configurationbin/mysql9.1.0/my.ini
my.ini.ber
Add backup configuration for MySQL 9.1.0bin/mysql9.1.0/my.ini.ber
build.properties
Update bundle release versionbuild.properties
releases.properties
Add MySQL 9.1.0 release informationreleases.properties