A.1: Where can I find documentation that addresses security issues for MySQL?
A.2: What is the default authentication plugin in MySQL 8.0?
A.3: Does MySQL 8.0 have native support for SSL?
A.4: Is SSL support built into MySQL binaries, or must I recompile the binary myself to enable it?
A.5: Does MySQL 8.0 have built-in authentication against LDAP directories?
A.6: Does MySQL 8.0 include support for Roles Based Access Control (RBAC)?
Questions and Answers
The best place to start is Chapter 1, Security.
Other portions of the MySQL Documentation which you may find useful with regard to specific security concerns include the following:
There is also the Secure Deployment Guide, which provides procedures for deploying a generic binary distribution of MySQL Enterprise Edition Server with features for managing the security of your MySQL installation.
The default authentication plugin in MySQL 8.0 is
caching_sha2_password. For information about
this plugin, see
Section 6.1.2, “Caching SHA-2 Pluggable Authentication”.
caching_sha2_password plugin provides
more secure password encryption than the
mysql_native_password plugin (the default
plugin in previous MySQL series). For information about the
implications of this change of default plugin for server
operation and compatibility of the server with clients and
connectors, see caching_sha2_password as the Preferred Authentication Plugin.
Most 8.0 binaries have support for SSL connections between the client and server. See Chapter 5, Using Encrypted Connections.
You can also tunnel a connection using SSH, if (for example) the client application does not support SSL connections. For an example, see Section 5.4, “Connecting to MySQL Remotely from Windows with SSH”.
Most 8.0 binaries have SSL enabled for client/server connections that are secured, authenticated, or both. See Chapter 5, Using Encrypted Connections.
The Enterprise edition includes a PAM Authentication Plugin that supports authentication against an LDAP directory.
Not at this time.