On 21 Sep 2004 at 10:14, Thomas Trutt wrote:

> Hello all,
> 
>          OK, I know this may be a simple question but I need a little help. 
> I am writing a program in VB.net that uses MySQL as a backend. My net admin 
> wants the log on to be encrypted??
> 
> This is currently how I am connecting:
> 
>      Public LocalSYS As New OdbcConnection("DRIVER={MySQL ODBC 3.51 Driver};" & _
>                             "SERVER=192.168.0.1;" & _
>                             "DATABASE=DB;" & _
>                             "UID=User;" & _
>                             "PASSWORD=Password;" & _
>                             "OPTION=3;")
> 
> As you can see it's a public variable that I have declared so that I don't 
> have to continuously add it for every form in the program.. So the question 
> I have is how do I change this so that it is encrypted??? Any ideas and 
> suggestions would be greatly appreciated..
> 
> Many thanks,
> 
> Tom T 

Hi Tom,

There is nothing you can do to encrypt the password *within* your program; a 
determined hacker will be able to decompile your program and get the username / 
password if they have access to it.

If the potential hackers are on your network and can sniff traffic between your client 
and the server, then you need to use some sort of SSL connection.

Seeing as you are using vb.net I am assuming your program runs on Windows.

So far I have not seen an SSL-aware Windows MySQL client.  You can compile one 
yourself, but this doesn't seem to be an easy route.

The best option I can think of is to install stunnel ( http://www.stunnel.org ) on the 
server and the client systems. ( It is available for both Unix/Linux and Windows ).

This will SSL encrypt all traffic on the designated ports between the client and 
server; you can also set it to only accept connections with the right client 
certificates.

I have successfully used this setup in production systems. 


You will have to modify your MySQL user settings so that the host is *localhost*.

Hope this helps

Regards

Ian

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
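
The stunnel arrangement described in the reply above, sketched as an added example that is not part of the original thread or of Ian's own configuration. The tunnel port 3307, the service name and all certificate file names are assumptions; 192.168.0.1 is the server address from the question.

```ini
; ===== Server side (192.168.0.1): stunnel.conf =====
; Accept TLS on the assumed port 3307 and pass the decrypted stream to
; the MySQL server listening on the loopback interface.
[mysql-tls]
accept = 3307
connect = 127.0.0.1:3306
; Server certificate and private key (placeholder file names).
cert = server-cert.pem
key = server-key.pem
; Only clients presenting a certificate that chains to this CA get through.
CAfile = client-ca.pem
verifyChain = yes

; MySQL now sees every tunnelled session as coming from the local stunnel
; process, which is why the MySQL account's host has to be localhost.
; Setting bind-address = 127.0.0.1 in my.cnf keeps port 3306 from being
; reachable directly, so the tunnel cannot be bypassed.

; ===== Client side (each Windows workstation): stunnel.conf =====
; Listen on the loopback interface only and forward over TLS to the server.
[mysql-tls]
client = yes
accept = 127.0.0.1:3306
connect = 192.168.0.1:3307
; Client certificate and private key issued by the CA the server trusts.
cert = client-cert.pem
key = client-key.pem
; Verify the server's certificate as well, so the client does not hand
; credentials to an impostor on the network.
CAfile = server-ca.pem
verifyChain = yes

; In the VB.net connection string, point the ODBC driver at the local end
; of the tunnel instead of the server:
;   "SERVER=127.0.0.1;" & "PORT=3306;"
```

The two halves are separate files, one per machine. This protects the login and queries on the wire only; the username and password stored in the program remain recoverable, as the reply points out.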