No announcement yet.

MvOpen - secure?

  • Filter
  • Time
  • Show
Clear All
new posts

  • MvOpen - secure?

    When using MvOpen on a remote database is it secure (ie., ssl)? What determines if the url to the remote database is secure?
          <MvOPEN NAME = "test" DATABASE = "[email protected]:3306" TYPE = "mysql" USERNAME = "thisuser" PASSWORD = "thispass">
    William Gilligan - Orange Marmalade, Inc.

  • Such a connection is not secure at the application layer (i.e. mysql client to port 3306 on remote server). If you're talking to localhost, mysql client will prefer socket, but if not, and doing TCP, the interactions are not encrypted. If you're talking to a remote system over an untrusted network, you'd currently need to implement transport layer security, such as site to site VPN between the systems.

    I can have a request filed to expose the SSL constructs to mysql client at the MvOPEN level for type mysql if you'd like. It's likely to greatly increase latency of database interactions. Also MySQL is kind of ugly in how SSL connections work; it's not like SMTP or similar where you can connect and 'starttls'. You have to issue a certificate from the same CA the mysql server's certificate was issued by, put that on the client, and then require encryption for the user in question, so it's an all or nothing and if anything goes wrong your db connections are failing until fixed, not just connecting unencrypted. You'd have to renew them on an ongoing basis.
    David Hubbard
    [email protected]


    • Hi Dave,
      Thanks for the info. You actually answered the question. For me, I don't need a secure connection as everything is actually done via a trusted network (in addition to the other security that is in place). My concern was more along the lines of - can it be _easily_ done, and if so - how is it enabled. Since it is not enabled, a recent security notice I got about potential issues is not relevant - which is a good thing.
      William Gilligan - Orange Marmalade, Inc.



      This website uses cookies to identify visitors, track visitors to our website, store login session information and to remember your user preferences. By continuing to use this site you agree to our use of cookies. Learn More.

      This website uses cookies. By continuing to use this site you agree to our use of cookies. Learn More.