Image showing the issue: https://imgur.com/a/AomDhtt

PHP isn't somehow running your script differently because it knows you did something with the mysql client, so this sounds like an issue with MySQL's authentication system.

We can wait to see what they think about it.
https://bugs.mysql.com/bug.php?id=98048

It actually happens with passwords with over 19 charaters. See my stackoverflow answer.

It is probably a issue with mysql, but since I'm not 100% sure, I'll leave this open.

Probably not a security issue.

> --- Potential security issue, not sure though ---

how could "Access denied" be a security issue to begin with?
if you get access with a random wrong password it would be

It's *potentially* a security issue because the authentication system (<- important) doesn't seem to be working correctly. Don't know exactly how it's malfunctioning, which means don't know exactly what is wrong or whether it can be abused.

You might be hitting
<https://github.com/php/php-src/blob/php-7.4.1/ext/mysqlnd/mysqlnd_auth.c#L798-L808>.

A developer at Oracle said that this is a PHP issue. Not sure if he really looked into it.

I personally would rather say it has probably something to do with MySQL, but I have very little understanding of the internals.

@cmb
Thanks for the hint, but there are 2 possible issues with it:
 - Why does it work after logging into MySQL CLI?
 - Is the error later 'converted' to "Access Denied"? I'd expect a different exception for that.

Since I'm a unnecessary middle man, I'd suggest you should talk to the assignee at Oracle. I will say the same to him.

I'd appreciate an update if you know the underlying issue or the issue has been fixed.

As you mention that logging in via shell fixes the issue, it seems unlikely that this is related to the password length. caching_sha2_password uses a cache (as the name implies) and has a different handshake depending on whether the cache is hit or not.

Most likely you are running into an issue where you specify a default socket, but the actual connection uses TCP, resulting in mysqlnd mistakenly classifying it as a secure transport. This should be fixed once https://github.com/php/php-src/pull/5034 lands.

This should be fixed now. I'm going to leave this open for now until someone can confirm. (The fix is in the current 7.4 development branch and will be in 7.4.2.)

@nikic

The MySQL assignee, did some testing and had some interesting notes. I'd recommend checking them out. (https://bugs.mysql.com/bug.php?id=98048)

Btw, when will PHP 7.4.2 be available for Ubuntu 19?

> Btw, when will PHP 7.4.2 be available for Ubuntu 19

probably never because most distributions are that stupid to think know anything better than upstream and cherry pick fixes or not

PHP 7.4.2 was released today. I updated my system - same issue.
Guess I'm waiting for PHP 7.4.3 :D

Please, before the next release test yourself. It's a really easy setup (example for Ubuntu 19):

apt update
apt upgrade

# Apache2
apt install apache2

# PHP 7.4
add-apt-repository ppa:ondrej/php
apt update
apt install php7.4-common php7.4-mysqli libapache2-mod-php7.4

# MySQL 8
wget -c https://repo.mysql.com//mysql-apt-config_0.8.13-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb
rm mysql-apt-config_0.8.13-1_all.deb
apt update
apt install mysql-server
mysql -u root
  CREATE USER 'php'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'Test123+++!!!';
  GRANT ALL PRIVILEGES ON mysql.* TO 'php'@'localhost';
  FLUSH PRIVILEGES;
  QUIT
# download test script from this answer: https://stackoverflow.com/a/59449405/4180937
# replace "const DB_NAME = 'test_db';" with "const DB_NAME = 'mysql';"
php test.php

---

The script will fail with "Access denied", if the bug is still present.
If the bug has been fixed it should print "Done.".