Reputation: 21988
Using SSL to connect to mySQL from PHP
I have a security consultant demanding that we implement encrypted connections to mySQL. He is concerned that the username and pass for the db are being sent cleartext when we connect.
The mysql server is on the same network as the scripts though not the same physical machine. So the credentials will not be passed externally and should be fine unless the server is already compromised.
Am I right that SSL would be overkill?
Upvotes: 2
Views: 434
Answers (2)
Reputation: 943097
It should be fine so long as the network isn't compromised. That doesn't necessarily mean the web or db server.
Do you trust everybody who has access to the network? (We don't know the details of your network setup, but for all we know it is shared by cheap staff in a call centre, who bring in USB sticks which they don't realize contain viruses)
Do you trust them enough considering the importance of whatever data is being dealt with?
Even if you do, unless implementing it generates a noticeable performance penalty, it is rare that implementing more security is a bad thing.
Upvotes: 2
Reputation: 11070
If you need to implement this security measure, I would set up an encrypted SSH tunnel. On the web server:
ssh -L 3306:localhost:3306 -N [email protected]
Then connect to MySQL on 127.0.0.1 in your web app, and it will be forwarded to the remote MySQL server over an encrypted SSH tunnel.
Upvotes: 2
Related Questions
- Connect to remote MySQL server with SSL from PHP
- Mysql connection over SSL with PHP mysqli
- How to use mysqli connection with SSL
- How do I create certificates that allow PHP to connect to MySQL over SSL?
- PHP to MySQL SSL Connections
- Secure way to connect to a MySQL database
- Remote MySQL connection on a https site php?
- PHP , MySQL and SSL authentication
- MySQL database SSL connection using PHP
- Connecting to MySQL via SSL using PHP