Hi Patrick,

You can try something like:
    ssh -L 6969:ukdb-qa:6666 root@ukdb-qa
Use the above on a remote host (let's call it wms-qa). This assumes ukdb-qa is
running a mysqld on port 6666. This command will cause wms-qa to listen on port
6969 for connections and forward them all across a secure connection to ukdb-qa
and to then connect from ukdb-qa to localhost on port 6666. So you have a secure
channel.

When you test this on wms-qa you will use a command like
    mysql -h 127.0.0.1 -u root -P 6969 test
If you try to use mysql -h localhost you will get a "can't find socket file" error.
I think that's because mysql sees the localhost and looks for a socket file to
connect via instead of going to the port. (a bug?)

I tested this on two Linux boxes successfully (after I fixed that socket file
error thing I mentioned). You'll need to run an sshd on both of them of course.

If you do any benchmarking with this setup let me know as I'm curious about
performance.

Mark Maunder.

Patrick Goetz wrote:

> Currently, every system I've set up is small enough so as to have the web
> server and the database server on the same machine.  Consequently, loss of
> security due to packet-sniffing can be completely controlled by using,
> say, apache-ssl, since communications between the web server and the
> database server take place inside a single machine.
>
> It just occurred to me, however, that this becomes a much bigger problem
> when the web server(s) and the database server are running on different
> machines.  Does anyone know if there is a canonical way of securing the
> data connection between the web and database servers or is this usually
> handled by simply putting the database server behind a firewall?
>
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
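
Added example, not part of the original thread: a shell check for the two places where an `ssh -L` forward like the one in the reply can leave MySQL traffic unencrypted, namely a listening side bound beyond loopback and a destination that is not on the SSH server itself. The function name `audit_forward` and its finding names are hypothetical; the host names are the ones used in the reply.

```shell
#!/bin/sh
# Added example. audit_forward and its finding names are hypothetical.
# Usage: audit_forward SPEC SSH_TARGET
#   SPEC       = [bind_address:]port:host:hostport  (the argument to ssh -L)
#   SSH_TARGET = [user@]host
# Prints space-separated findings, or "ok". IPv6 literals are not handled.
audit_forward() {
    spec=$1
    server=${2#*@}                       # drop optional "user@"
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case $colons in
        2) bind=implicit; rest=$spec ;;             # port:host:hostport
        3) bind=${spec%%:*}; rest=${spec#*:} ;;     # bind:port:host:hostport
        *) echo "invalid-spec"; return 2 ;;
    esac
    lport=${rest%%:*}
    dest=${rest#*:}
    dhost=${dest%:*}
    dport=${dest##*:}
    for p in "$lport" "$dport"; do
        case $p in ''|*[!0-9]*) echo "invalid-spec"; return 2 ;; esac
    done
    [ -n "$dhost" ] || { echo "invalid-spec"; return 2; }

    out=""
    # Tunnel entrance: anything but loopback lets other hosts reach the
    # forwarded port, and that leg is plain MySQL traffic.
    case $bind in
        implicit) out="$out bind-implicit" ;;       # follows GatewayPorts / -g
        localhost|127.0.0.1) ;;
        ''|'*'|0.0.0.0) out="$out bind-all-interfaces" ;;
        *) out="$out bind-non-loopback" ;;
    esac
    # Tunnel exit: sshd on the server opens a plain TCP connection to
    # host:hostport, so only a destination on the server itself stays protected.
    case $dhost in
        localhost|127.0.0.1|"$server") ;;
        *) out="$out cleartext-last-hop" ;;
    esac
    out=${out# }
    echo "${out:-ok}"
}

# The command from the reply, then a pinned variant (constructed).
audit_forward "6969:ukdb-qa:6666" "root@ukdb-qa"
audit_forward "127.0.0.1:6969:localhost:6666" "root@ukdb-qa"
```

`bind-implicit` is a reminder rather than a fault: with no bind address the listener follows the client's `GatewayPorts` setting, so writing `127.0.0.1:` explicitly removes the dependency.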

