Securing Connections with SSL

You can now encrypt the connections between PHP and MySQL. Normally, MySQL does all communication in plain text because it’s the fastest way to send data. However, MySQL 4.0 lets you use SSL encryption to prevent people from spying on traffic between PHP and MySQL, and MySQL 4.1 extends this to include replication over SSL.

An SSL-enabled version of MySQL doesn’t require you to use SSL for all your connections. You can set different permission levels on your accounts, so you can place varying restrictions as you see fit. For some accounts, you may not want the hassle of dealing with SSL and authentication.

Once all your systems are configured, it’s quite easy to use SSL with MySQLi. Getting everything up and running can be a bit of a struggle because you need to add OpenSSL support to both MySQL and PHP, create SSL certificates for MySQL, and also properly configure your MySQL user accounts and configuration files.

Here’s a list of what you need to do:

  1. Install OpenSSL if your system doesn’t already have it.

  2. Add SSL support to MySQL and reinstall.

  3. Add SSL support to PHP, link against the new MySQL client, and reinstall.

  4. Create SSL certificates for the MySQL server.

  5. Add SSL certificate information to your my.cnf files.

  6. Restart MySQL.

  7. Edit the MySQL GRANT table to require SSL.

  8. Connect to MySQL from PHP using SSL.

Before you can do anything, you need to have OpenSSL on your machine. Most systems come with OpenSSL preinstalled, but you can download a copy from ...

Get Upgrading to PHP 5 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.