MySQL traffic encryption in scripts

I need to be able to encrypt MySQL traffic from a web server to a database server. I know how to set MySQL to use SSL based on server and client settings in my.cnf, however this needs to be done using mysql_connect() in PHP. This may be a 2-part question.

1) Does mysql_connect() use the MySQL client settings set in my.cnf?

If not...

I read that you can use MYSQL_CLIENT_SSL, however, where does the SSL data come from? Does MYSQL_CLIENT_SSL use automatic traffic encryption in the mysql_connect function?

Simply put, what is the best way to do this?

Thanks!

+1
4 answers

If you connect to MySQL using SSL, all your traffic between your SSL client and server will be encrypted.

MYSQL_CLIENT_SSL is deprecated. Using mysqli, if you need to use SSL,

    // Initialise the handle, point it at the CA certificate, then connect.
    $db = mysqli_init();
    $db->ssl_set(null, null, 'cacert.pem', null, null);
    $db->real_connect('host', 'user', 'pass', 'db');

+4
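
An added example, not part of the original answer: the same mysqli approach with server certificate verification requested explicitly and a check that the session really negotiated a cipher before it is used. The helper name connect_encrypted, the host, the credentials and the CA path are assumptions for illustration.

```php
<?php
// Added example, not from the original answer. Host, credentials and the
// CA path are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failure

/**
 * Hypothetical helper: open a TLS connection and refuse to return it
 * unless a cipher was actually negotiated for the session.
 */
function connect_encrypted(string $host, string $user, string $pass,
                           string $dbName, string $caFile): mysqli
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA bundle not readable: $caFile");
    }

    $db = mysqli_init();
    // Only the CA is set: the client authenticates the server and
    // presents no client certificate of its own.
    $db->ssl_set(null, null, $caFile, null, null);
    // Request certificate verification explicitly instead of relying
    // on the driver default.
    $db->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, 1);
    // MYSQLI_CLIENT_SSL requests TLS for this connection.
    $db->real_connect($host, $user, $pass, $dbName, 3306, null, MYSQLI_CLIENT_SSL);

    // Ssl_cipher is empty when the session is running in plaintext.
    $row = $db->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if (empty($row['Value'])) {
        $db->close();
        throw new RuntimeException('Connection is not encrypted; refusing to use it');
    }
    return $db;
}

try {
    $db = connect_encrypted('db.example.internal', 'app_user', 'app_password',
                            'app_db', '/etc/mysql/certs/cacert.pem');
    $v = $db->query("SHOW SESSION STATUS LIKE 'Ssl_version'")->fetch_assoc();
    echo "TLS session established: {$v['Value']}\n";
} catch (Throwable $e) {
    error_log('MySQL TLS connect failed: ' . $e->getMessage());
    exit(1);
}
```

On the server side, an account defined with REQUIRE SSL rejects plaintext logins, which also covers clients that skip this check.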

As an alternative, you can also use SSH tunnels to perform compression and encryption.

+2

MYSQL_CLIENT_SSL has been removed from PHP and should not work.

You have several options: firstly, if your web server is also your database server, you do not need encryption, because the connection never leaves your box: it just uses localhost.

The second option is to use what Pablo suggested above and use SSH tunnels. An SSH tunnel essentially does the same thing as an SSL connection, except that it requires one "extra step" to complete it.

This seems like a pretty decent tutorial to help you get started:

http://www.revsys.com/writings/quicktips/ssh-tunnel.html

Hope this helps!

+1

According to http://www.php.net/manual/en/mysql.constants.php#mysql.client-flags MYSQL_CLIENT_SSL is still part of PHP 4 and 5. You need to set up an SSL connection in advance, though: you will need to generate certificates and deal with a bunch of other problems (http://www.madirish.net/?article=244), but it will encrypt the traffic between your web server and your database host.

As mentioned above, if your web server is located on the same host as the database server, this encryption is not required, since the data moves over the local socket and is not exposed on the network. SSL encryption only encrypts traffic over the network.

I would caution against using SSH tunnels because they have a tendency to die and you have to worry about maintaining a connection.

+1