Re: MySQL Secure Replication
Ivan Hoo wrote: how do you secure the replication link between the master and the slave using SSH. i understand that you can do that over mysql client and its server. pls enlighten me coz i m looking high and low for a solution on this issue. On the slave: ssh --local-forward(?) 3307:localhost:3306 foreignhost ...then set up the info for master (on the slave) to be localhost:3307. -- Michael T. Babcock C.T.O., FibreSpeed Ltd. http://www.fibrespeed.net/~mbabcock - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
On Wed, Jan 22, 2003 at 02:27:40PM -0500, Michael T. Babcock wrote: Ivan Hoo wrote: how do you secure the replication link between the master and the slave using SSH. i understand that you can do that over mysql client and its server. pls enlighten me coz i m looking high and low for a solution on this issue. On the slave: ssh --local-forward(?) 3307:localhost:3306 foreignhost ...then set up the info for master (on the slave) to be localhost:3307. You mean 127.0.0.1:3307, right? Jeremy -- Jeremy D. Zawodny | Perl, Web, MySQL, Linux Magazine, Yahoo! [EMAIL PROTECTED] | http://jeremy.zawodny.com/ MySQL 4.0.8: up 4 days, processed 119,323,583 queries (341/sec. avg) - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
On Fri, 2003-01-17 at 08:51, Ivan Hoo wrote: is there any way you can implement a secure replication via ssh or sth else? Who can implement? As user you can use SSH tunnel with it. There are many tutorial about making SSH tunneling in the internet. I believe if MySQL will have some kind of transport security, it will be SSL (as industry de facto standard for similar things). As usually - if somebody is really interested for new features then they can be speed up if you do the deal with MySQL AB. Otherwise you are one of 5 million MySQL users and MySQL AB develops things in order of own priorities and this is understandable. Tõnu - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
there seem to be a lack of documentation on this part. Mostly because it can't be done (that I'm aware of). if it can't be done, why is it in the documentation already. i can understand that if 4.0.x is still in alpha or beta stage. but now it is almost near release (gamma). the official mysql documentation (http://www.mysql.com/documentation/mysql/bychapter/manual_MySQL_Database_Ad ministration.html#Replication_Options) actually defines a few variables pertaining to ssl replication (master-ssl, master-ssl-key, master-ssl-cert). doesn't this tell you that ssl replication is already supported? regards, ivan - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
On Tue, 2003-01-14 at 20:47, Jeremy Zawodny wrote: has anyone been able to setup ssl secure replication for mysql? I don't believe you can do that yet. There's now way to specify the necessary credentials in the slave setup. how do i know whether the replication is actually done over ssl? There are many variables about SSL shown in SHOW STATUS output. They also include cipher currently in use and other similar stuff. This is right way to detect SSL usage because SSL has also ciphers which have no actual encryption at all. Paranoid people must verify if key length in use is long enough. Also I must note that using SSL without having appropriate ACL structure is nonsense. You must use GRANT blahblah REQUIRE SSL CIPHER blahblah. Then MySQL server just won't allow nonencrpyted connection. Otherwise default fallback mechanism will work. You'd have to sniff the network traffic and see. This is always must be done :) there seem to be a lack of documentation on this part. Mostly because it can't be done (that I'm aware of). I think so too. Tõnu - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
At 23:17 +0800 1/16/03, Ivan Hoo wrote: there seem to be a lack of documentation on this part. Mostly because it can't be done (that I'm aware of). if it can't be done, why is it in the documentation already. i can understand that if 4.0.x is still in alpha or beta stage. but now it is almost near release (gamma). the official mysql documentation (http://www.mysql.com/documentation/mysql/bychapter/manual_MySQL_Database_Ad ministration.html#Replication_Options) actually defines a few variables pertaining to ssl replication (master-ssl, master-ssl-key, master-ssl-cert). doesn't this tell you that ssl replication is already supported? No, it cannot be done. Those options have been added, yes, but they do nothing at the moment. You can specify the options and they'll be parsed, but nothing is done with their values yet. regards, ivan - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
is there any way you can implement a secure replication via ssh or sth else? regards, ivan At 23:17 +0800 1/16/03, Ivan Hoo wrote: there seem to be a lack of documentation on this part. Mostly because it can't be done (that I'm aware of). if it can't be done, why is it in the documentation already. i can understand that if 4.0.x is still in alpha or beta stage. but now it is almost near release (gamma). the official mysql documentation (http://www.mysql.com/documentation/mysql/bychapter/manual_MySQL_Database_A d ministration.html#Replication_Options) actually defines a few variables pertaining to ssl replication (master-ssl, master-ssl-key, master-ssl-cert). doesn't this tell you that ssl replication is already supported? No, it cannot be done. Those options have been added, yes, but they do nothing at the moment. You can specify the options and they'll be parsed, but nothing is done with their values yet. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
Jeremy Zawodny wrote: there seem to be a lack of documentation on this part. Mostly because it can't be done (that I'm aware of). Except with stunnel (often recommended) or SSH (which I've had running for months doing this). PS, as with the MySQL daemon, I run my ssh tunnel under 'supervise' so as to make sure its always there and restarts if it gets killed / dies / is stupid / upgraded. -- Michael T. Babcock C.T.O., FibreSpeed Ltd. http://www.fibrespeed.net/~mbabcock - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
RE: MySQL Secure Replication
Mostly because it can't be done (that I'm aware of). Except with stunnel (often recommended) or SSH (which I've had running for months doing this). Another option is CIPE, a method for secure tunnelling of any IP protocol using virtual network interfaces. I believe CIPE comes as standard with RedHat 7.x and above. Regards, Basil Hussain --- Internet Developer, Kodak Weddings E-Mail: [EMAIL PROTECTED] (filter bait: sql, query, queries, smallint) - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
On Wed, Jan 15, 2003 at 09:18:50AM -0500, Michael T. Babcock wrote: Jeremy Zawodny wrote: there seem to be a lack of documentation on this part. Mostly because it can't be done (that I'm aware of). Except with stunnel (often recommended) or SSH (which I've had running for months doing this). PS, as with the MySQL daemon, I run my ssh tunnel under 'supervise' so as to make sure its always there and restarts if it gets killed / dies / is stupid / upgraded. Right. I should have said there's no built-in way it can be done because folks have doing secure replication via ssh/stunnel for years now. :-) Jeremy -- Jeremy D. Zawodny | Perl, Web, MySQL, Linux Magazine, Yahoo! [EMAIL PROTECTED] | http://jeremy.zawodny.com/ MySQL 3.23.51: up 31 days, processed 1,039,952,222 queries (381/sec. avg) - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
On Wed, Jan 15, 2003 at 04:49:03PM -, Basil Hussain wrote: Mostly because it can't be done (that I'm aware of). Except with stunnel (often recommended) or SSH (which I've had running for months doing this). Another option is CIPE, a method for secure tunnelling of any IP protocol using virtual network interfaces. I believe CIPE comes as standard with RedHat 7.x and above. Right. And if we're shooting for an exhaustive list, some routers have proprietary encryption/tunneling systems. And you could use a more off-the-shelf IPSec or similar VPN scheme. It may be overkill, but they are options. :-) Jeremy -- Jeremy D. Zawodny | Perl, Web, MySQL, Linux Magazine, Yahoo! [EMAIL PROTECTED] | http://jeremy.zawodny.com/ MySQL 3.23.51: up 31 days, processed 1,040,383,036 queries (381/sec. avg) - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
Except with stunnel (often recommended) or SSH (which I've had running for months doing this). PS, as with the MySQL daemon, I run my ssh tunnel under 'supervise' so as to make sure its always there and restarts if it gets killed / dies / is stupid / upgraded. Right. I should have said there's no built-in way it can be done because folks have doing secure replication via ssh/stunnel for years now. :-) how do you secure the replication link between the master and the slave using SSH. i understand that you can do that over mysql client and its server. pls enlighten me coz i m looking high and low for a solution on this issue. regards, ivan --- [This E-mail scanned for viruses by Declude AntiVirus] - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL Secure Replication
On Mon, Jan 13, 2003 at 02:46:45PM +0800, Ivan Hoo wrote: hi All, has anyone been able to setup ssl secure replication for mysql? I don't believe you can do that yet. There's now way to specify the necessary credentials in the slave setup. how do i know whether the replication is actually done over ssl? You'd have to sniff the network traffic and see. there seem to be a lack of documentation on this part. Mostly because it can't be done (that I'm aware of). --- [This E-mail scanned for viruses by Declude AntiVirus] Congratulations. Why do I care which [anti]virus product you use? -- Jeremy D. Zawodny | Perl, Web, MySQL, Linux Magazine, Yahoo! [EMAIL PROTECTED] | http://jeremy.zawodny.com/ MySQL 3.23.51: up 30 days, processed 1,007,087,318 queries (381/sec. avg) - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php