RE: Initiating secure connection to MySQL4 from PHP
On Mon, 2003-01-13 at 23:48, David Rock wrote: Hello, This is discouraging after I spent most of the weekend getting OpenSSL working with our MySQL 4 server. Unfortunately I can't use Stunnel to secure the connection between our website and our MySQL server because our ISP will not allow me to run the Stunnel daemon on their servers. They have a web server farm and claim that they would need to configure Stunnel for me on each of their servers in the farm. How do people typically handle setting up Stunnel to secure their connections from a public ISP to their MySQL server? Is it possible that I only need to run the Stunnel daemon on my MySQL box? Securing the connection between a public ISP and a privately-hosted MySQL server seems like something that many people would have overcome by now. Am I really at the mercy of my ISP on this? Usually SSL can be used with separate wrapper program on any side. But this is usually. SSL handshake is different in MySQL because compatibility issues. Even when doing handshake with SSL enabled MySQL client, first packet is sent without encryption. There is a byte or two having bits named Client capabilities. If client want to establish SSL connection it raises bit I want SSL, server responds with similar structure Server capabilities having server can do SSL. Only after that all negotiation gets repeated with SSL turned on. This is why it is impossible to use stunnel on client side only and use native SSL of MySQL server (or opposite). In case of serious interest I can develop some separate piece of code which allows to fake first MySQL handshake packet or handle this issue somehow but it does not look serious idea to me :). Tõnu - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Initiating secure connection to MySQL4 from PHP
Could someone please post the basics on connecting to a MySQL 4 server from PHP at my website using a secure connection? The server is ready to accept a connection, I'm just not sure what to do next to initiate it. It seems like I would need to set something up at our ISP to talk securely to the remote MySQL server but not sure what. Thanks, David Rock - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Initiating secure connection to MySQL4 from PHP
would like to help you but I can't. This is PHP issue, not MySQL-s. SSL connections are supported by MySQL, they are also available in C API but I am not sure if and how PHP uses them. Looking up into PHP manual http://www.php.net/manual/en/ref.mysql.php won't show up needed functionality for this. You have three options: 1. Use third party tunnel (CIPE, stunnel, ssh for example) to encrypt communication. [...] I second that. If you use a local connection, IMHO there is no need to use SSL. If you use a remote connection, you would probably better succeed using stunnel (or sslwrap or some other SSL tunneling). - Cs. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Initiating secure connection to MySQL4 from PHP
On 13 Jan 2003, at 18:49, Tonu Samuel wrote: I would like to help you but I can't. This is PHP issue, not MySQL-s. SSL connections are supported by MySQL, they are also available in C API but I am not sure if and how PHP uses them. Looking up into PHP manual http://www.php.net/manual/en/ref.mysql.php won't show up needed functionality for this. For some reason the MYSQL_CLIENT_SSL constant isn't mentioned on that page, but it is on this one: http://www.php.net/manual/en/function.mysql-connect.php So theoretically it should be possible to make the SSL connection as long as you have PHP 4.3.0. [Filter fodder: SQL] -- Keith C. Ivey [EMAIL PROTECTED] Tobacco Documents Online http://tobaccodocuments.org Phone 202-667-6653 - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Initiating secure connection to MySQL4 from PHP
On Monday 13 January 2003 17:49, Tonu Samuel wrote: Hi, Currently PHP's mysql extension doesn't support SSL. This will be available in PHP 5. Regards Georg - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: Initiating secure connection to MySQL4 from PHP
Hello, This is discouraging after I spent most of the weekend getting OpenSSL working with our MySQL 4 server. Unfortunately I can't use Stunnel to secure the connection between our website and our MySQL server because our ISP will not allow me to run the Stunnel daemon on their servers. They have a web server farm and claim that they would need to configure Stunnel for me on each of their servers in the farm. How do people typically handle setting up Stunnel to secure their connections from a public ISP to their MySQL server? Is it possible that I only need to run the Stunnel daemon on my MySQL box? Securing the connection between a public ISP and a privately-hosted MySQL server seems like something that many people would have overcome by now. Am I really at the mercy of my ISP on this? Thanks for your help, David Rock -Original Message- From: Georg Richter [mailto:[EMAIL PROTECTED]] Sent: Monday, January 13, 2003 12:21 PM To: Tonu Samuel; David Rock Cc: '[EMAIL PROTECTED]' Subject: Re: Initiating secure connection to MySQL4 from PHP On Monday 13 January 2003 17:49, Tonu Samuel wrote: Hi, Currently PHP's mysql extension doesn't support SSL. This will be available in PHP 5. Regards Georg - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php