9.10. Securing Database Connections
You’re using a database backend in your application, and you want to ensure that network traffic between your application and the database server is secured with SSL.
MySQL 4.00, PostgreSQL 7.1, and newer versions of each of these servers support SSL-enabled connections between clients and servers. If you're using an older version, or another server not covered here that does not support SSL natively, you may wish to use Stunnel (see Recipe 9.5) to secure connections to the server.
In the following subsections we’ll look at the different issues for MySQL and PostgreSQL.
SSL support is disabled by default when you build MySQL. To build MySQL with OpenSSL support enabled, you must specify the options on the command line to the configuration script. Once you have an SSL-enabled version of MySQL built, installed, and running, you can verify that SSL is supported with the following SQL command:
SHOW VARIABLES LIKE 'have_openssl'
If the result of the command is yes, SSL support is enabled.
With an SSL-enabled version of MySQL running, you can use the GRANT command to designate SSL requirements for accessing a particular database or table by user. Any client can specify that it wants to connect to the server using SSL, but with GRANT options, it can be required.
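The following is an added example, not part of the original recipe, showing the GRANT options described above in the GRANT ... REQUIRE syntax of the MySQL 4.x era the recipe covers. The database, account, host, password and certificate subject are constructed placeholders; current MySQL releases set the same REQUIRE clause through CREATE USER or ALTER USER instead of GRANT.

```sql
-- Added example. appdb, appuser, app.example.com, the password and the
-- certificate subject below are constructed placeholders.

-- 1. Confirm the running server was built with SSL support.
SHOW VARIABLES LIKE 'have_openssl';

-- 2. Weak: no REQUIRE clause. The client may ask for SSL, but the
--    server also accepts unencrypted connections for this account.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
    TO 'appuser'@'app.example.com'
    IDENTIFIED BY 'constructed-password';

-- 3. Required: the server refuses the account unless the connection
--    is encrypted with SSL.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
    TO 'appuser'@'app.example.com'
    REQUIRE SSL;

-- 4. Stricter: the client must also present a certificate that
--    verifies against the CA the server trusts.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
    TO 'appuser'@'app.example.com'
    REQUIRE X509;

-- 5. Strictest: only a certificate with this exact subject is
--    accepted, so a different valid certificate from the same CA
--    cannot be used for this account.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
    TO 'appuser'@'app.example.com'
    REQUIRE SUBJECT '/C=US/O=Example Corp/CN=appuser';

-- 6. Audit: list accounts that still have no SSL requirement.
--    ssl_type is empty for those; ANY, X509 or SPECIFIED otherwise.
SELECT user, host
    FROM mysql.user
    WHERE ssl_type = '';

-- 7. Run from the application's own session: a non-empty value
--    means this connection is actually encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
```

Each GRANT with a REQUIRE clause replaces the account's previous requirement, so steps 3 to 5 are alternatives rather than a sequence to apply together.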
When writing code using the MySQL C API, use the following
function to establish a connection ...