For postgresql it has been there for long time:
postgres://{username}:{password}@{domain}:5432/{dbname}?sslmode=require
For MySQL it can also be done with current PyDAL. My understanding is that
MySQL requires certificates so you
1) you need to install certificates
2) on server side in my my.ini:
require_secure_transport=true
tls_version=TLSv1,TLSv1.1,TLSv1.2
ssl-ca=*install_path*/ca-cert.pem
ssl-cert=*install_path*/cert.pem
ssl-key=*install_path*/key.pem
3) on web2py side:
ssl = { 'cert': '*install_path/cert.pem*',
'key': '*install_path*/key.pem',
'ca': '*install_path*/ca-cert.pem'}
DAL('mysql://....', driver_args = {'ssl': ssl})
Mind I did not try this. All I am telling you is how to use driver_args to
pass ssl info to the mysqldb.connect( ...., ssl = ...) function.
On Friday, 31 August 2018 22:07:54 UTC-7, appjar...@gmail.com wrote:
>
> I was curious if the ability to connect securely to a database service
> (without an SSH tunnel) was added to 2.17.1? Thanks.
>
>
>
> On Wednesday, January 31, 2018 at 12:27:01 AM UTC-6, appj...@gmail.com
> wrote:
>>
>> Hi, I wanted to check back to see if there was any update on this.
>>
>> With more and more database solutions moving to hosted DB services (so no
>> SSH tunnels), Web2Py apps do not have the ability to connect to these
>> securely.
>>
>> We are stuck hosting a dedicated machine to server our MySQL and run an
>> SSH server. We'd like to switch to Amazon Aurora for example.
>>
>>
>> On Wednesday, October 11, 2017 at 11:52:02 AM UTC-5, Massimo Di Pierro
>> wrote:
>>>
>>>
>>>
>>> On Saturday, 7 October 2017 01:55:53 UTC-5, appj...@gmail.com wrote:
>>>>
>>>> Thank you Massimo!
>>>>
>>>> There is a great detailed deployment recipe for SSH tunneling to your
>>>> database server from a Heroku app instance (dyno). It works as of this
>>>> post.10/8/17
>>>>
>>>> https://stackoverflow.com/questions/21575582/ssh-tunneling-from-heroku/46629121#46629121
>>>>
>>>> There are 2 issues/questions with this though:
>>>>
>>>> 1) So now that I can tunnel in, I have a performance question: Since
>>>> the mysql database server will be making all of its connections to
>>>> localhost is that a single connection rather than multiple? Will I lose
>>>> database read concurrency? If so, will either that or the SSH tunnels be
>>>> a
>>>> bottleneck and severely degrade my database performance?
>>>>
>>>
>>> web2py has connection pooling. Each of connection from the pool will go
>>> through the tunnel, concurrently up to the max number in the pool.
>>>
>>>>
>>>> 2) SSH tends to be flaky and drop connections leaving a broken Web2py
>>>> app instance. Any suggestions on best practices for handling that case?
>>>>
>>>
>>>
>>> No. Sorry. If others have suggestions I would like to hear them.
>>>
>>>
>>>>
>>>> It's too bad DAL doesn't support secure connections. Encrypted
>>>> database connections are pretty standard nowadays and I see there are
>>>> python mysql connectors that do. Has anyone successfully swapped out the
>>>> one that ships with one of those?
>>>>
>>>
>>> It would be easy to add. we will work in it.
>>>
>>>
>>>>
>>>> Cloud deployment is new to me so I really appreciate the help, and I
>>>> love using Web2py so thanks for making it and the ongoing support!
>>>>
>>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
