is password sent in clear text using mysql connect?
jackvull
9:50 pm on Aug 14, 2009 (gmt 0)
is the password sent in clear text using mysql_connect? If so, is there a more secure way of connecting to a remote mysql server that doesn't have ssh accessible?
eelixduppy
12:12 am on Aug 17, 2009 (gmt 0)
I am actually not sure about this. You can try to sniff it to see if anything shows up. I know there is a SSL option when you connect, ie:
Look into Chap and MD5 authentication, there are a few tutorials out there. If I remember correctly, the password itself never even ends up being sent through.
jackvull
6:36 pm on Aug 19, 2009 (gmt 0)
I have no access to administer the remote mysql database apart from the actual data inside it. The host company don't permit this so there's no way it can recognise where the request from the client is coming from. ?
Pico_Train
6:18 am on Aug 20, 2009 (gmt 0)
Hi actually my comment was off a bit, I was referring to logins and not mysql_connect, sorry! Must be the meds...cough cough, sniffle sniffle...
eelixduppy
11:01 pm on Aug 20, 2009 (gmt 0)
The login will be sent over in plain text. You should look into using the TLS/SSL protocols if you want protection from eavesdropping.
jackvull
11:13 pm on Aug 20, 2009 (gmt 0)
again, the remote server is not administered by me. There is one protocol only and that is http over to mysql's standard port. :(
