On Thu, Oct 04, 2007 at 12:51:53PM -0500, Luis Rodrigo Gallardo Cruz wrote:
On Thu, Oct 04, 2007 at 06:54:52PM +0530, subrata@indiatimes.com wrote:
Hi
I want to configure to encrypt mysql both client and server on the same machine. Ie the /usr/local/mysql/bin/mysql -u root -p on the same machine where my mysql daemon is located.
How to achieve this.
It's a pointless thing to do. Anyone who could listen in to the conversation between the client and daemon can listen to the conversation between client and stunnel.
Absolutely correct.
Speaking of MySQL, the recent versions actually have the ability to encrypt the connection - on the MySQL level, by passing the appropriate options to the mysql_connect() function or its equivalent, in the language API used. That is, you can tell the MySQL client to open an encrypted connection to the server, at which point all the traffic is encrypted, there is no weak link -- well, except for the possibility of someone actually tracing the client program, instruction by instruction, examining its memory space and so on, but I think this is where most people can safely draw the line of paranoia vs. usability :)
G'luck, Peter