Fred Read wrote:
> Sasha Pachev wrote:
> > To use it, you would send up two instances of tcpgate,
> > one on the MYSQL client host and one on the server host.
> > The client tcpgate will listen on port 3306 and will
> > forward traffic to the server tcpgate listening on some
> > funny port, which in turn will forward it to mysql
> > server on the same machine. Your applications on the
> > client will need to connect to localhost instead of the
> > server. As I mentioned earlier, currently there is no
> > ecryption, but it could be added in a couple of hours if
> > you already have stream ecryption libraries.
> Thanks for the offer, we will consider it as well as the
> ssh option.
> > Of course, be prepared for performance degragation,
> > since you will have double forwarding overhead plus the
> > overhead of enryption/decryption.
> Yes, but the COPs department are a litle paranoid and insist
> on encryption so using ssh as an encrypting proxy may be the
> only way to go...
Why not just physically isolate the network path between
the client and the server, so that the only way to
eavesdrop will be to break into one of the hosts?