mysql network security
Does anyone know of a method for encrypting the network traffic to and from a mysql database running on Redhat ES 2.1? At the moment, only perl automation and php web pages are accessing the database. Many Thanks, ./Andrew
Re: mysql network security
On Thu, Nov 06, 2003 at 11:41:54AM -0600, Andrew Falgout wrote: Does anyone know of a method for encrypting the network traffic to and from a mysql database running on Redhat ES 2.1? At the moment, only perl automation and php web pages are accessing the database. You could tunnel your connections over an ssh tunnel, or setup an ipsec tunnel. --Doug -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: mysql network security
Thanks for the quick response. I've never setup an ipsec before. I have been toying with the idea of using cipe to create a PPTP virtual network for the server to talk on. But the time to work on this project has not presented itself as of yet. I was wondering if there was an interface within mysql that would allow for encrypted traffic. The majoroity of my connection are cron jobs doing automated tasks, an ssh connection feels icky. (Yes.. a technical term) - Original Message - From: Doug Clements [EMAIL PROTECTED] To: Andrew Falgout [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 12:03 PM Subject: Re: mysql network security On Thu, Nov 06, 2003 at 11:41:54AM -0600, Andrew Falgout wrote: Does anyone know of a method for encrypting the network traffic to and from a mysql database running on Redhat ES 2.1? At the moment, only perl automation and php web pages are accessing the database. You could tunnel your connections over an ssh tunnel, or setup an ipsec tunnel. --Doug -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: mysql network security
On Thu, Nov 06, 2003 at 11:41:54AM -0600, Andrew Falgout wrote: Does anyone know of a method for encrypting the network traffic to and from a mysql database running on Redhat ES 2.1? At the moment, only perl automation and php web pages are accessing the database. MySQL 4.0 and up have native SSL support. -- Jeremy D. Zawodny | Perl, Web, MySQL, Linux Magazine, Yahoo! [EMAIL PROTECTED] | http://jeremy.zawodny.com/ MySQL 4.0.15-Yahoo-SMP: up 53 days, processed 2,005,359,631 queries (431/sec. avg) -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: mysql network security
Well, you would only need to setup a single ssh tunnel. All your different apps could then use the single tunnel. You could even setup RSA authentication so that it could start manually with no password entering required. Have it automatically come up on boot, etc. MySQL has no encryption built-in, as far as I know. I would be surprised if it did. The correct way would be to use an established mechanism for secure communications such as ssh or ipsec instead of re-implementing basically the same thing in the application. I would not so much recommend pptp. SSH would likely be much easier to setup (especially if you're already using unix-like machines on both the client and server) and definately more secure. IPSEC would also be significantly more difficult, but you wouldn't have to worry so much about the secure session going down. --Doug On Thu, Nov 06, 2003 at 12:12:14PM -0600, Andrew Falgout wrote: Thanks for the quick response. I've never setup an ipsec before. I have been toying with the idea of using cipe to create a PPTP virtual network for the server to talk on. But the time to work on this project has not presented itself as of yet. I was wondering if there was an interface within mysql that would allow for encrypted traffic. The majoroity of my connection are cron jobs doing automated tasks, an ssh connection feels icky. (Yes.. a technical term) - Original Message - From: Doug Clements [EMAIL PROTECTED] To: Andrew Falgout [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 12:03 PM Subject: Re: mysql network security On Thu, Nov 06, 2003 at 11:41:54AM -0600, Andrew Falgout wrote: Does anyone know of a method for encrypting the network traffic to and from a mysql database running on Redhat ES 2.1? At the moment, only perl automation and php web pages are accessing the database. You could tunnel your connections over an ssh tunnel, or setup an ipsec tunnel. --Doug -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Delphi and Mysql - Data Security
I am using Delphi to connect to and update data on a mysql server. Is there any problem with data security? Will it automatically establish a secure connection? Thanks everyone for all your help. Elizabeth
Re: Mysql and security?
msquared a crit : Perhaps you want to distribute a CD full of databases, and people buy access to specific databases. access = password IMHO, this method can't protect the content of the CD. Hace a closer look : - you have read acces to the CD (files-level read access), but your MySQL server asks for a password when you want to read a particular table. - so, copy the content of the CD to hard-disk (included privs database) - edit manually (vi -b) the passwords table, replace the existing encrypted password with one you know the clear text - use MySQL with the table stored on the hard-disk - you are prompted for a password, enter yours - you have access to the CD content without the original password ( you have just win some maps of Australia :) I think it would work Nicob - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Mysql and security?
Hi! On Feb 01, Nicolas GREGOIRE wrote: msquared a ecrit : Perhaps you want to distribute a CD full of databases, and people buy access to specific databases. access = password IMHO, this method can't protect the content of the CD. Hace a closer look : - you have read acces to the CD (files-level read access), but your MySQL server asks for a password when you want to read a particular table. - so, copy the content of the CD to hard-disk (included privs database) - edit manually (vi -b) the passwords table, replace the existing encrypted password with one you know the clear text - use MySQL with the table stored on the hard-disk - you are prompted for a password, enter yours - you have access to the CD content without the original password ( you have just win some maps of Australia :) I think it would work Nicob It wouldn't work if the password is used to decrypt the content. And there could be different passwords for different maps. Having different passwords for every possible combination of maps from the CD poses an interesting mathematical problem, but I am not sure it's impossible. Regards, Sergei -- MySQL Development Team __ ___ ___ __ / |/ /_ __/ __/ __ \/ / Sergei Golubchik [EMAIL PROTECTED] / /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/ /_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany ___/ - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Mysql and security?
On Fri, Jan 05, 2001 at 12:10:55AM -0800, Jeremy D. Zawodny wrote: Is it possible to make a mysql database safe to publish it via an CD so that noone could read it even if he has good knowledges about mysql What good would publishing a database be if nobody can read it? Perhaps you want to distribute a CD full of databases, and people buy access to specific databases. access = password It means that you don't have to create a different CD for each database, and therefore don't have to ship multiple CDs. I know some government department does that with Australian geographical maps. They send you the CD, which contains all the maps, but you have to pay to unlock the maps you need. Or at least I think that's how it works. :) 2 Regards, /|/| / | - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php