Hi, all,
I've got quite a few questions, so I'll number them to make sure none of them get lost. I've been looking for answers to these questions on and off for about a month now but couldn't find any satisfactory information through search engines or various forum archives, so I guess I'll check with live experts...
1) From what I gather, one rarely encrypts traffic between a MySQL database and the webserver in practice, is that right? For instance, there's very little discussion of such encryption even on this forum... 2) Is this state of things specific to the MySQL community only or is this also the case with other DB systems?
I know about the optional OpenSSL extension for MySQL but it's a huge pain to use in its present form: you need to compile the source code and then install it as a module into MySQL, and I'm just getting into MySQL administration... 3) I wonder if there are easier ways to achieve the goal of encryption than using OpenSSL?
4) I am also aware of the existence of STunnel but, by the looks of it, it also requires a slightly lengthy set-up for someone who's never dealt with this app. before, no? Besides, I'm not too sure how good and efficient an alternative STunnel will turn out to be... What I want is to just get on with programming the logic of my 3-tier application and I'll appreciate any advice on how to set up the underlying groundwork as quickly as possible.
One more question, if I may. Suppose my MySQL-bound traffic passes through STunnel. Suppose also that STunnel and MySQL are installed on the same machine. 5) Am I guaranteed that the unencrypted STunnel-to-MySQL traffic won't leave the machine? 6) What if STunnel and MySQL are located on different machines but within the same LAN -- will the traffic between them stay inside the LAN for sure?
I know I may be sounding a bit paranoid about all of this but we intend to put quite sensitive information into our DB and communications with it must be firmly secure.
Now, it just may be that I'm thinking along too narrow lines and am not aware of some good alternatives. 7) In this case, can anyone suggest whether I'd be better off, for instance, using another DB system for my needs? 8) Any other fundamental suggestions?
My goal, as I mentioned, is to set up the architecture as quickly and painlessly as possible and get on to programming the business logic.
Thanks in advance for your answers!