On Mon, 2008-04-14 at 11:59 -0600, Nathan Lane wrote: > Is there any danger in connecting to remote MySQL services in a PHP > application? For example are there queries or authentication passed along in > an unencrypted manner that would be seen by the public when using a MySQL > server in a different domain than the PHP application?
Yes there is a danger. All authentication, queries, and results are unencrypted between MySQL Client (PHP) and Server. That is... Unless you use SSL as Ray suggested. It is not usually enabled by default, and takes some setup on both sides in order to use it. I suggest you read this great section of the Manual about using MySQL over SSL. http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html --lonnie _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
