List:General Discussion« Previous MessageNext Message »
From:Sasha Pachev Date:April 23 1999 4:23pm
Subject:Re: Secure Connections
View as plain text  
Fred Read wrote:
> 
> We need to be able to implement a secure connection between
> our MySQL clients - not necessarily "mysql" - and the MySQL
> server.
> 
> Section 6.14 of the manual mentions using ssh which would be
> ideal as we already use it for secure remote administration,
> but does not go into any detail.
> 
> Does anyone here have any experience of using MySQL over a
> ssh link between Linux and/or Solaris boxes?
> If so, we would be grateful for any assistance you might be
> able to offer us.
> 
> Thanks in anticipation...
> --

I have a port-forwarding utility called tcpgate that
will soon have the capability of turning insecure
connection into secure,but currently it cannot. Howerver
you could probably hack the source a little, link it
against your favorite encryption libary and it will
work. It is available at
http://www.sashanet.com/internet/download.html

To use it, you would send up two instances of tcpgate,
one on the MYSQL client host and one on the server host.
The client tcpgate will listen on port 3306 and will
forward traffic to the server tcpgate listening on some
funny port, which in turn will forward it to mysql
server on the same machine. Your applications on the
client will need to connect to localhost instead of the
server. As I mentioned earlier, currently there is no
ecryption, but it could be added in a couple of hours if
you already have stream ecryption libraries. 


You could probably accomplish the same trick with ssh,
but I have no experience in this area, and cannot tell
you much.

Of course, be prepared for performance degragation,
since you will have double forwarding overhead plus the
overhead of enryption/decryption.

-- 
Sasha Pachev
http://www.sashanet.com/ (home)
http://www.direct1.com/ (work)
Thread
Secure ConnectionsFred Read23 Apr
  • Re: Secure ConnectionsJules Bean23 Apr
  • Re: Secure ConnectionsFred Read23 Apr
  • Re: Secure ConnectionsFred Read23 Apr
  • Re: Secure ConnectionsSasha Pachev23 Apr
  • Re: Secure ConnectionsSasha Pachev23 Apr