Geek Answers Handbook

MySQLdb security when connecting to a remote server?

db = MySQLdb.connect(host ="host", user="user", passwd="pass", db="dbname") q = db.cursor()

So, what is my code block, I'm just wondering how easy it would be to redesign, and does mysqldb really send authentications over plain text?

I am creating a program that connects to mySQL server via the Internet, can anyone get my credentials?

Can someone get my server registration information?

+4
source share
3 answers

The MySQL server can be configured to use SSL to secure the connection. See here for an example of using MySQLdb with an SSL connection and here for some server configuration information.

+1
source

In the above example, the username, password and all other data will be sent in clear text.

Here are two related questions of Python MySQLDB SSL Connection , CA SSL SSL option for Python MySQLdb does not work, but does the key do?

If you have access to configure, configure the MySQL server, we can help configure SSL.

MySQL supports encrypted connections. The MySQL server you are connecting to must be configured to use SSL, and the client must add an SSL parameter when connecting.

Using SSL Connections

 shell> mysql --ssl-ca=ca-cert.pem ...

You can check if a server that supports SSL is connected by adding --ssl-ca=ca-cert.pem . ca-cert.pem: use this as an argument - ssl-ca on the server and client side. (The CA certificate, if used, must be the same on both sides.)

The MySQL SSL example describes the process of configuring MySQL for and connecting to SSL.

+1
source

Passwords should not be hardcoded in code. Python has an agreement with the config.py module, where you can store these values โ€‹โ€‹separately from the rest of your code.

Please see here:

http://dev.mysql.com/doc/refman/5.5/en/connector-python-coding.html

The SSL question to prevent information disclosure was given above.

Fabio @fcerullo

0
source

More articles:


All Articles