MySQL Forums
Forum List  »  Security

Re: SSL over Internet
Posted by: Georgi Kodinov
Date: February 08, 2013 03:37AM

"OK" is very relative when it comes to security. Something that's acceptable for one installation is not acceptable for others.
So IMHO nobody but you can answer what's "OK" for your case.
All I can offer you is information so that you can take an informed decision.
You will need to analyze the mysql wire protocol from a security standpoint and decide whether you consider it secure enough for your needs. This is something you should do for all protocols that you use. Some of the protocols have already been analyzed by certification agencies and found to be "secure enough" for certain types of pre-defined use. This is why it's easier (and safer) to use these protocols (and implementations) unaltered as you can just re-use somebody else's security analysis.
But if you decide to go down the evaluating mysql client/server protocol route I'm sure you'll find the recently updated protocol documentation ( http://dev.mysql.com/doc/internals/en/client-server-protocol.html ) handy.


First thing to note is that the mysql connection is SSL from the get-go. It always starts as a clear text connection and only after finding out that both the client and the server can and want to do SSL using compatible ciphers does it get encrypted.
This means your connection will have a very clear signature of a typical mysql connection for people able to listen to your traffic. And all the information in that initial exchange will be available to eavesdroppers. The internals manual (quoted above) is pretty precise on what that information is.

Second thing to note is that SSL has various degrees of "strength", depending on the amount of key material you supply to it, the algorithms you allow and how you configure it in general. http://dev.mysql.com/doc/mysql-security-excerpt/5.6/en/ssl-connections.html is a good place to start reading about this.

And don't underestimate some good old common sense too : http://dev.mysql.com/doc/mysql-security-excerpt/5.6/en/general-security-issues.html

Options: ReplyQuote


Subject
Views
Written By
Posted
2442
January 27, 2013 02:06PM
Re: SSL over Internet
1572
February 08, 2013 03:37AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.