使用SSL从PHP连接到mySQL
[英]Using SSL to connect to mySQL from PHP
问题描述
I have a security consultant demanding that we implement encrypted connections to mySQL. 
我有一位安全顾问,要求我们实现与mySQL的加密连接。 He is concerned that the username and pass for the db are being sent cleartext when we connect. 他担心在连接时会以明文形式发送数据库的用户名和密码。
The mysql server is on the same network as the scripts though not the same physical machine. mysql服务器与脚本位于同一网络上,尽管物理机不在同一台计算机上。 So the credentials will not be passed externally and should be fine unless the server is already compromised. 因此,凭据将不会从外部传递,并且应该很好,除非服务器已经受到威胁。
Am I right that SSL would be overkill? 我对SSL会过分正确吗?
2 个解决方案
解决方案1
2 已采纳 2010-03-10 15:45:53
If you need to implement this security measure, I would set up an encrypted SSH tunnel. 如果您需要实施此安全措施,则可以设置一个加密的SSH隧道。 On the web server: 在Web服务器上:
ssh -L 3306:localhost:3306 -N someuser@mysql.server.address
Then connect to MySQL on 127.0.0.1 in your web app, and it will be forwarded to the remote MySQL server over an encrypted SSH tunnel. 然后在您的Web应用程序中的127.0.0.1上连接到MySQL,它将通过加密的SSH隧道转发到远程MySQL服务器。
解决方案2
2 2010-03-10 15:48:47
It should be fine so long as the network isn't compromised. 只要网络不受影响就应该没问题。 That doesn't necessarily mean the web or db server. 这不一定意味着Web或数据库服务器。
Do you trust everybody who has access to the network? 您相信每个可以访问网络的人吗? (We don't know the details of your network setup, but for all we know it is shared by cheap staff in a call centre, who bring in USB sticks which they don't realize contain viruses) (我们不知道您的网络设置的详细信息,但我们所知道的全部是由呼叫中心的廉价人员共享的,他们带来了他们没有意识到的USB记忆棒,其中包含病毒)
Do you trust them enough considering the importance of whatever data is being dealt with? 考虑到处理任何数据的重要性,您是否对它们足够信任?
Even if you do, unless implementing it generates a noticeable performance penalty, it is rare that implementing more security is a bad thing. 即使您这样做,除非实施它会导致明显的性能损失,否则很少能实现更高的安全性是一件坏事。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.