[stunnel-users] Stunnel on the same machine

Peter Pentchev roam at ringlet.net
Fri Oct 5 13:18:10 CEST 2007


On Thu, Oct 04, 2007 at 12:51:53PM -0500, Luis Rodrigo Gallardo Cruz wrote:
> On Thu, Oct 04, 2007 at 06:54:52PM +0530, subrata at indiatimes.com wrote:
> > Hi
> > 
> > I want to configure to encrypt mysql both client and server on the same machine. Ie the 
> > /usr/local/mysql/bin/mysql -u root -p on the same machine where my mysql daemon is located.
> > 
> > How to achieve this.
> 
> It's a pointless thing to do. Anyone who could listen in to the
> conversation between the client and daemon can listen to the
> conversation between client and stunnel.

Absolutely correct.

Speaking of MySQL, the recent versions actually have the ability to
encrypt the connection - on the MySQL level, by passing the appropriate
options to the mysql_connect() function or its equivalent, in the language
API used.  That is, you can tell the MySQL client to open an encrypted
connection to the server, at which point all the traffic is encrypted,
there is no weak link -- well, except for the possibility of someone
actually tracing the client program, instruction by instruction, examining
its memory space and so on, but I think this is where most people can
safely draw the line of paranoia vs. usability :)

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
I am not the subject of this sentence.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20071005/7ca3b64f/attachment.sig>


More information about the stunnel-users mailing list