9.10. Securing Database Connections
Problem
You’re using a database backend in your application, and you want to ensure that network traffic between your application and the database server is secured with SSL.
Solution
MySQL 4.00, PostgreSQL 7.1, and newer versions of each of these servers support SSL-enabled connections between clients and servers. If you’re using an older version, or another server not covered here that lacks native SSL support, you may wish to use Stunnel (see Recipe 9.5) to secure connections to the server.
Discussion
In the following subsections we’ll look at the different issues for MySQL and PostgreSQL.
MySQL
By default, SSL support is disabled when you are building MySQL. To build MySQL with OpenSSL support enabled, you must specify the --with-vio and --with-openssl options on the command line to the configuration script. Once you have an SSL-enabled version of MySQL built, installed, and running, you can verify that SSL is supported with the following SQL command:
SHOW VARIABLES LIKE 'have_openssl'
If the result of the command is yes, SSL support is enabled.
With an SSL-enabled version of MySQL running, you can use the GRANT command to designate SSL requirements for accessing a particular database or table by user. Any client can specify that it wants to connect to the server using SSL, but with the GRANT options, it can be required.
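The GRANT-based requirement described above, shown as an added example that is not from the original text: an account with no SSL requirement beside accounts that require SSL and a specific client certificate, followed by two checks an administrator can run. The database name, account names, host pattern, passwords, and certificate subject and issuer strings are constructed placeholders; the syntax is the GRANT form of the MySQL 4.x era, and MySQL 8.0 moves the REQUIRE clause to CREATE USER and ALTER USER.

```sql
-- Constructed example: appdb, the account names, the host pattern and the
-- certificate DN strings are placeholders, not values from the original text.

-- Weak: no REQUIRE clause. A client may ask for SSL, but a cleartext
-- connection with the same credentials is accepted as well.
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_plain'@'10.0.0.%'
    IDENTIFIED BY 'placeholder-password-1';

-- Required encryption: the server refuses any non-SSL connection
-- for this account.
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_ssl'@'10.0.0.%'
    IDENTIFIED BY 'placeholder-password-2'
    REQUIRE SSL;

-- Required encryption plus client identity: the client must present a
-- valid certificate with this subject, signed by this issuer.
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_cert'@'10.0.0.%'
    IDENTIFIED BY 'placeholder-password-3'
    REQUIRE SUBJECT '/C=US/O=Example Corp/CN=app01.example.com'
        AND ISSUER '/C=US/O=Example Corp/CN=Example Internal CA';

-- Audit: list every account with its SSL requirement. An empty ssl_type
-- means the account can still connect without encryption.
SELECT user, host, ssl_type, x509_subject, x509_issuer
  FROM mysql.user
 ORDER BY ssl_type, user;

-- Per-session check, run from the application's own connection:
-- an empty Value means the current session is not encrypted.
SHOW STATUS LIKE 'Ssl_cipher';
```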
When writing code using the MySQL C API, use the following mysql_real_connect() function to establish a connection ...