How to secure traffic between site and MySQL?

Status
Not open for further replies.

DavidRock

Programmer
Jul 24, 2002
61
US
Happy Holidays -
We have a website hosted at a public ISP that uses PHP to store data in a MySQL db. The MySQL db is hosted at the same ISP as the site. And we have an SSL key installed at the ISP to encrypt traffic between our site and a client's browser. We want to change this setup by moving our MySQL data from the ISP to a new MySQL server that we have in our office. In this new scenario the traffic between a client's browser and our website would still be encrypted but what do we need to do in order to encrypt the traffic between our website and our new MySQL server hosted by us? It seems like we will need to install another SSL key on our new MySQL server (a FreeBSD machine) but not sure exactly what we need to do to get the website talking securely to the db. Any advice or direction to further reading is much appreciated.

Thanks,
David Rock
 
You need to create a Public Key infrastructure.
Define what CA type you want to use: private or public or both.
Indeed use SSL. Define the way to assign certificate(s)-users (as it is in IIS you can have one-to-many or many-to-many).
As for the way your web server will have a dialog under SSL, a few things:
- the user account used for the webserver will have a certificate
- the SQL server should know how to use SSL (I don't know how MySQL can do this)
- when the webserver is accessing information from SQL, it will be identified by that certificate.

Now, for internet users, if you want to give them secure access to the webserver, then the best way is to use a public CA for them (it will give trust), and a way to assign those certificates to those internet users (e.g. a form, then an email with the certificate).
Those certificates will give rights to the internet users in your webserver application. That's all that you need. For SQL, any request will come impersonated (with the webserver account and its private certificate).

Good,... sorry if I puzzled you, but those are a few things about a secure web connection + n-tier application.
Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, soon MCSE2k
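
As an added example (not part of the original thread or either poster's code): one way the PHP site could connect to the office MySQL server over TLS while presenting its own client certificate, as the reply describes. The file paths, address, account name and the server-side settings shown in the comments are all assumptions.

```php
<?php
// Added example. Paths, address, account and database names are placeholders.
//
// Assumed server side (my.cnf on the office MySQL host):
//   [mysqld]
//   ssl-ca   = /usr/local/etc/mysql/ca.pem
//   ssl-cert = /usr/local/etc/mysql/server-cert.pem
//   ssl-key  = /usr/local/etc/mysql/server-key.pem
// and an account that is refused unless it presents a certificate
// issued by that CA (203.0.113.10 stands in for the web host):
//   CREATE USER 'webapp'@'203.0.113.10' IDENTIFIED BY '...' REQUIRE X509;

function connect_db_tls(string $host, string $user, string $pass, string $db): mysqli
{
    // Throw exceptions instead of returning false on errors.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $conn = mysqli_init();

    // The client key and certificate identify the web server to MySQL;
    // the CA file is what the client uses to validate the server's certificate.
    $conn->ssl_set(
        '/etc/ssl/webapp/client-key.pem',
        '/etc/ssl/webapp/client-cert.pem',
        '/etc/ssl/webapp/ca.pem',
        null,   // no CA directory
        null    // default cipher list
    );
    // Ask for the server certificate to be verified against the CA.
    $conn->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);

    // MYSQLI_CLIENT_SSL requests an encrypted connection.
    $conn->real_connect($host, $user, $pass, $db, 3306, null, MYSQLI_CLIENT_SSL);

    // Do not trust the flag alone: confirm a cipher was actually negotiated.
    $row = $conn->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if ($row === null || $row['Value'] === '') {
        $conn->close();
        throw new RuntimeException('MySQL session is not encrypted');
    }
    return $conn;
}
```

Because the account is created with `REQUIRE X509`, a connection attempt that skips TLS or lacks a valid client certificate is rejected by the server even if the password is correct.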
 