MySQL Forums

Re: Could a password be packet sniffed?
Posted by: Mike Burgoon
Date: June 29, 2010 06:06PM

In short, yes, the username/password could be sniffed. Here is a good resource if you haven't already read it:

http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html

I'm not sure how your application is designed, but in most cases the MySQL database is never Internet facing. In other words, when you connect to MySQL from within your application it is only done from within your Intranet (local network). Sniffing is usually not a concern inside your local network because you should be taking steps to secure anyone from getting inside of it (firewalls, VPNs, rogue network scanners, etc). Basically if someone maliciously gets inside your network... you're going to have bigger problems than them sniffing local packets.

However, if you have to have the database Internet facing, or are overly cautious, you really have two options:

1) Use MySQL over SSL (MySQL versions 4/higher support this). Good luck getting this going though, I've been unsuccessful myself.

2) Use a secure tunnel (i.e. IPSec). Here you create an SSH tunnel (secure SSH is pretty easy to configure) and forward such tunnel to your MySQL port. This is a little complicated when doing it within an application however.
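
Added example, not part of the original post: option 2 as a script that opens an SSH local port forward, runs the mysql client through it, and closes the tunnel afterwards. It assumes MySQL runs on the SSH server and listens on 127.0.0.1:3306 there; the host name, user names, local port 3307 and the helper function names are placeholders.

```shell
#!/bin/sh
# Added example: MySQL client traffic carried inside an SSH local forward.
# Hosts, users and ports are placeholders, not values from the post.

# True only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L forwarding spec. Binding the local end to 127.0.0.1 keeps the
# forwarded port unreachable from other hosts on the client's network.
# usage: forward_spec <local_port> <remote_mysql_port>
forward_spec() {
    valid_port "$1" && valid_port "$2" || return 1
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$1" "$2"
}

# Open the tunnel in the background, with a control socket so it can be closed.
# usage: open_tunnel <user@sshhost> <local_port> <remote_mysql_port> <socket>
open_tunnel() {
    spec=$(forward_spec "$2" "$3") || { echo "invalid port" >&2; return 1; }
    # ExitOnForwardFailure: ssh exits instead of running without the forward.
    ssh -f -N -M -S "$4" -o ExitOnForwardFailure=yes -L "$spec" "$1"
}

# usage: close_tunnel <user@sshhost> <socket>
close_tunnel() {
    ssh -S "$2" -O exit "$1"
}

# Runs only when arguments are given, e.g.:
#   sh mysql_tunnel.sh user@db.example.com appuser
if [ "$#" -ge 2 ]; then
    dir=$(mktemp -d) || exit 1          # private directory for the socket
    open_tunnel "$1" 3307 3306 "$dir/ctl" || { rm -rf "$dir"; exit 1; }
    # The client connects to the local end; the hop to the server is in SSH.
    mysql --protocol=TCP -h 127.0.0.1 -P 3307 -u "$2" -p
    status=$?
    close_tunnel "$1" "$dir/ctl"
    rm -rf "$dir"
    exit "$status"
fi
```

An application would do the same thing: keep the tunnel open and point its MySQL connection at 127.0.0.1 and the local port instead of the remote host.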
