MySQL and encryption?

Anon

Hi,

I have to build a system like this:

a)One dedicatd server with MySQL
b)Another dedeciated server containing PHP scripts that deal with a) (search engine etc etc).
c) accesibly through the internet.

The problem is: the info in the MySQL database is confidentional. So all connections made should be secure.

How can I have the php scripts communicate with the MySQL server via a encrypted connection?

And what are possbile security risks?

toma42

Do you know how to create a network to avoid the security issues?

http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-7.html
That has an example of how your network should be setup. Because the DMZ will have the db and httpd server, there is no need to encrypt communication between mysql and the httpd servers.

As for encryption between the client and httpd, openssl is what you need.

lawnmowerman

If you have control over the servers, the easiest way to secure the connectivity between the MySQL server and the web server is to put a 2nd NIC card in each server.

Then, run a cross-over cable between the two. Use non-routable IPs on this connection. Now, the MySQL server can only communicate with the web server, unless you enable IP-Masquerading on the web server.

This is very secure and requires no additional layers of software encryption to slow things down on a busy system, of course you have the cost of 2 additional network cards and a cross-over cable.

Hope this helps.

-Rich