mysql_connect - security on remote servers?

KendersPlace

Until now, I have always built php applications and their mysql database on the same physical server. I am now building an app that will have multiple web servers with the php application on it, and they will coordinate data transfer with a single mysql server on another physical server.

Basically, I'll have 5 to 10 web servers, and a single mysql server. They will all be on a closed private network on the same subnet.

My question - does the mysql_connect() function automatically encrypt the user password used to actually connect to the remote database? There is slim chance of this happening, but it is possible... I want to make sure a local user (disgruntled employee for example) to sniff the traffic between the web servers and the mysql database. The actual data isn't of so much concern, but if an employee got ahold of the actual password used to log into the mysql server, they could then begin running queries on the mysql server - updating data, deleting data, discovering table structures of a "confidential" application, and so on.

Without getting into SSL and security certificates, is there a way to secure this? Note, I am not talking about encrypting a user name used to log into the php application, I'm talking about the actual mysql user that the web app runs as to modify data on the mysql database.

Thanks!

toma42

by setting the security correctly in the mysql database table hosts and users, sniffing traffic should not be a concideration unless those who can sniff the traffic also have access to the web servers.

KendersPlace

Originally posted by toma42
by setting the security correctly in the mysql database table hosts and users, sniffing traffic should not be a concideration unless those who can sniff the traffic also have access to the web servers.

Thanks for the response, but I'm not sure I follow. Here is my concern....

php uses "user" and "password" to open a connection to the mysql database server. It uses this connection to query data, update data, and delete data, which is of course a critical requirement of the application.

If a rouge user were to figure out "user" and "password" (assumed by sniffing the net traffic), they could then create a connection directly with the database server, log in with these credentials, then manually write queries such as "delete * from" or updates to illegally modify data that would usually be controlled through the php application.

One consideration for this is to use IPTables on the mysql box to only allow connections on the mysql port from the web application boxes by IP. this would be fairly strong security. however, if the user was smart enough to sniff the password in the first place, they are also smart enough to unplug the web server from the network, set his own computer's IP to that of the unplugged web server, and make a connection this way.

[deleted]

My mysql server only run as bindaddress is 127.0.0.1, don't seting other IP address.
Pls tell me WHY?
Tnk u.