is data secure between PHP and mySQL?

sneakyimp

howdy:

i'm just getting started dealing with some potentially sensitive data. I'm concerned about security. How secure is mySQL? Is data ever vulnerable to sniffing or snooping between PHP and the database? What are best practices for protecting user and password for a db in php?

any help would be much much much appreciated.

bubblenut

Is your webserver running on the same server or network as MySQL?

MarkR

If the MySQL server is local, then things are pretty secure. An additional security option is to disable TCP on the MySQL server, which limits it to local connections (On Unix, and limits it to trusted connections on NT). If the MySQL server is over a non-trusted network, I guess you are in trouble one way or another.

SSL encryption can be used to encrypt the data between client and server ; setting this up might be nontrivial, and I've no idea how much protection it gives against man-in-the-middle attacks.

As long as the database server is itself secured, and the application (and others which use the same database) do not contain flaws, you should be fine.

Mark

sneakyimp

thanks for the response, folks.

in the current case, my php / webserver and database server are in different domains. so i'm guessing all the login and query stuff is transmitted as plain text? not cool. does this mean my login and password are vulnerable?

for what it's worth, i have encrypted the really sensitive information (financial data, account numbers, etc) with my own homegrown encryption algorithm. any truly sensitive info that's transmitted will look like 32-digit gibberish before it's entered into a query.

when you say "database server is secured", are you referring to TCP being off and such or is there some broader definition (sorry to be such an idiot here).

also, by 'flawed', is there anything in particular that you're thinking of or do you just mean it in a general sense? I'm pretty anxious to make sure my data is secure.

MarkR

As far as I'm aware, MySQL server logins / passwords are always sent encrypted using some challenge/response - but I don't think it's secure against man-in-the-middle (I could be wrong about either of these things).

Either way, the queries and results are sent in the clear for maximum performance. Using SSL for MySQL will encrypt everything.

"Different domains" is a strange term to describe the network between the machines. Is the network trusted or non-trusted?

By the network being trusted, I mean, do you trust the network not to contain intruders who can sniff your traffic, take over IPs etc.

Presumably if you use SSL for MySQL, it requires a trusted certificate to be on the server, and the client needs to know that certificate.

By "Flawed", I meant that if your application is vulnerable, it doesn't matter how secure the client-server connection is, it can be broken. SQL injection vulnerabilities are quite common in PHP apps.

Mark