Public Key Retrieval is not allowed解决方法
Public Key Retrieval is not allowed解决方法
项目场景:
问题描述:
原因分析:
解决方案:
Public Key Retrieval is not allowed解决方法
项目场景:
项目搭建初期连接mysql
问题描述:
在appllication.yml中进行数据库配置 启动空项目是,报错 Public Key Retrieval is not allowed
#数据库配置
datasource:
type: com.alibaba.druid.pool.DruidDataSource
druid:
username: root
password: 123456
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://192.168.56.104:3306/company?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=false
1
2
3
4
5
6
7
8
原因分析:
查看官网文档的 https:// https://mysqlconnector.net/connection-options/
Name Default Description
AllowPublicKeyRetrieval, Allow Public Key Retrieval false If the user account uses sha256_password authentication, the password must be protected during transmission; TLS is the preferred mechanism for this, but if it is not available then RSA public key encryption will be used. To specify the server’s RSA public key, use the ServerRSAPublicKeyFile connection string setting, or set AllowPublicKeyRetrieval=True to allow the client to automatically request the public key from the server. Note that AllowPublicKeyRetrieval=True could allow a malicious proxy to perform a MITM attack to get the plaintext password, so it is False by default and must be explicitly enabled.
如果用户帐号使用sha256_password认证,则在传输过程中必须对口令进行保护;TLS是实现这一点的首选机制,但如果它不可用,则将使用RSA公钥加密。要指定服务器的RSA公钥,请使用ServerRSAPublicKeyFile连接字符串设置,或将AllowPublicKeyRetrieval=True设置为允许客户端从服务器自动请求公钥。请注意,AllowPublicKeyRetrieval=True可能允许恶意代理执行MITM攻击以获取明文密码,因此它在默认情况下为False,必须显式启用。
解决方案:
修改Druid的url,添加allowPublicKeyRetrieval=true
#数据库配置
datasource:
type: com.alibaba.druid.pool.DruidDataSource
druid:
url: jdbc:mysql://192.168.56.104:3306/company?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8&useSSL=false&allowPublicKeyRetrieval=true