Securing a mysql_connect call to a remote host

Forum Moderators: coopster

Message Too Old, No Replies

Securing a mysql_connect call to a remote host

Need a secure way to access MySQL server on a remote host

tollsite

9:06 pm on May 13, 2003 (gmt 0)

I need to secure a remote connection to a MySQL server. For example, I can connect using:

$db = mysql_connect("just-an-example.com","test","test");
mysql_select_db("test",$db);

And then run whatever SQL statements I want. But, I would like the information I transmit (i.e. the data in the sql statement) to be secure from client to host.

Any thoughts on how to accomplish this?

BCMG_Scott

9:13 pm on May 13, 2003 (gmt 0)

If you are running MySQL 4.x you can now create secure connections via OpenSSL. I have never tried it so I can't tell you much more than what the docs say.

"If you are using MySQL 4.0, you can also use internal OpenSSL support. See section 4.3.9 Using Secure Connections."

Scott Geiger

tollsite

10:06 pm on May 13, 2003 (gmt 0)

Scott,

Thanks for the reply. Yes, I think I can manage to get the MySQL server to create/require a secure connection using openSSL, but I am not sure how to accomplish the connection on the client/PHP side of the world.

BCMG_Scott

11:57 am on May 14, 2003 (gmt 0)

mysql_(p)connect() function:
resource mysql_connect ( [string server [, string username [, string password [, bool new_link [, int client_flags]]]]])

The piece you want is the int client_flags: you will want to use CLIENT_SSL.

This is documented on mysql.com under section 8.1.3.175 - mysql_real_connect() (www.mysql.com/doc/en/mysql_real_connect.html)

Scott