3

I'm writing my first script that will connect via SSL to a MySQL database. I have been doing a lot of reading on the subject and have come across many options on how to set it up; some that apply to my situation and some that don't. Here is my situation:

The MySQL server is on the same machine as the script. My SSL Certificate is installed. Is it secure to simply connect to the database via a page that is using SSL with the following code?

Connecting via https://www.mysitehere.com/myscript.php

$con = mysql_connect("localhost", "username", "password", MYSQL_CLIENT_SSL);
if (!$con) {die('Could not connect: ' . mysql_error());}
mysql_select_db("my_database", $con);
Improve this question
4
  • 3
    I can see the need for a remote connection, but why would you need SSL for a local one? Would you not preferably connect through a socket? Not sure I understand. Commented Jun 28, 2011 at 19:24
  • oh, so are saying that I don't need the MYSQL_CLIENT_SSL Commented Jun 28, 2011 at 19:27
  • 2
    There's (generally) not much reason to use SSL if your server is on the same machine as your client -- it's not like your traffic is going over an insecure/untrusted link, and it will add computational overhead. Commented Jun 28, 2011 at 19:27
  • 3
    I can't see a reason why. If you have a man in the middle or other attack on your machine, it is compromised beyond salvation anyway. Commented Jun 28, 2011 at 19:28

1 Answer 1

Reset to default
1

The MySQL server is on the same machine as the script. My SSL Certificate is installed. Is it secure to simply connect to the database via a page that is using SSL with the following code?

If you control the server(VPS) and PHP is on the same machine as MySQL(only need to allow connections from same machine) than it is pointless to use SSL for MySQL and will only result in overhead. You should just use firewall to protect MySQL like you should also do with memcached.

Otherwise you could read this section from MySQL to configure SSL. I think involves a little bit more than just $con = mysql_connect("localhost", "username", "password", MYSQL_CLIENT_SSL); . For example you need to configure your SSL Certificate:

mysqld --ssl-ca=ca-cert.pem \
       --ssl-cert=server-cert.pem \
       --ssl-key=server-key.pem
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

SSL encrypts the data in transit so its safer in the event it's intercepted, having a firewall setup only doesn't do this. You should have both in an ideal world.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.