Hi
I want to configure to encrypt mysql both client and server on the same machine. Ie the /usr/local/mysql/bin/mysql -u root -p on the same machine where my mysql daemon is located.
How to achieve this.
regards Subrata
-- My life has changed. What about yours? Log on to the new Indiatimes Mail and Live out of the Inbox!
On Thu, Oct 04, 2007 at 06:54:52PM +0530, subrata@indiatimes.com wrote:
Hi
I want to configure to encrypt mysql both client and server on the same machine. Ie the /usr/local/mysql/bin/mysql -u root -p on the same machine where my mysql daemon is located.
How to achieve this.
It's a pointless thing to do. Anyone who could listen in to the conversation between the client and daemon can listen to the conversation between client and stunnel.
On Thu, Oct 04, 2007 at 12:51:53PM -0500, Luis Rodrigo Gallardo Cruz wrote:
On Thu, Oct 04, 2007 at 06:54:52PM +0530, subrata@indiatimes.com wrote:
Hi
I want to configure to encrypt mysql both client and server on the same machine. Ie the /usr/local/mysql/bin/mysql -u root -p on the same machine where my mysql daemon is located.
How to achieve this.
It's a pointless thing to do. Anyone who could listen in to the conversation between the client and daemon can listen to the conversation between client and stunnel.
Absolutely correct.
Speaking of MySQL, the recent versions actually have the ability to encrypt the connection - on the MySQL level, by passing the appropriate options to the mysql_connect() function or its equivalent, in the language API used. That is, you can tell the MySQL client to open an encrypted connection to the server, at which point all the traffic is encrypted, there is no weak link -- well, except for the possibility of someone actually tracing the client program, instruction by instruction, examining its memory space and so on, but I think this is where most people can safely draw the line of paranoia vs. usability :)
G'luck, Peter
After starting stunnel and connecting the mysql client/usr/local/mysql/bin/mysql -h 127.0.0.1 -u root -p the flow gets stuck at the Enter password prompt any suggestions how to proceed from there.
Subrata
----- Original Message ----- From: Peter Pentchev roam@ringlet.net To: Luis Rodrigo Gallardo Cruz rodrigo@nul-unu.com Cc: stunnel-users@mirt.net Sent: Fri, 5 Oct 2007 16:48:10 +0530 (IST) Subject: Re: [stunnel-users] Stunnel on the same machine
On Thu, Oct 04, 2007 at 12:51:53PM -0500, Luis Rodrigo Gallardo Cruz wrote:
On Thu, Oct 04, 2007 at 06:54:52PM +0530, subrata@indiatimes.com wrote:
Hi
I want to configure to encrypt mysql both client and server on the same machine. Ie the /usr/local/mysql/bin/mysql -u root -p on the same machine where my mysql daemon is located.
How to achieve this.
It's a pointless thing to do. Anyone who could listen in to the conversation between the client and daemon can listen to the conversation between client and stunnel.
Absolutely correct.
Speaking of MySQL, the recent versions actually have the ability to encrypt the connection - on the MySQL level, by passing the appropriate options to the mysql_connect() function or its equivalent, in the language API used. That is, you can tell the MySQL client to open an encrypted connection to the server, at which point all the traffic is encrypted, there is no weak link -- well, except for the possibility of someone actually tracing the client program, instruction by instruction, examining its memory space and so on, but I think this is where most people can safely draw the line of paranoia vs. usability :)
G'luck, Peter
-
Luis Rodrigo Gallardo Cruz -
Peter Pentchev -
subrata@indiatimes.com