How to enable SSL when connect to MySQL

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
Storm@raider
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 119
Joined: Sat Jan 20, 2007 5:02 pm
Location: Thailand

How to enable SSL when connect to MySQL

Post by Storm@raider » Fri Nov 07, 2008 11:15 am

I know how to implement SSL on Apache, This is encrypt when client connect to webserver.

but webserver still connect to database in plain text. I just know MySQL support SSL but how to make joomla use secure connection to MySQL? Which code I need to edit or any tutorial about this? Please let me know.

User avatar
brad
Joomla! Master
Joomla! Master
Posts: 13419
Joined: Fri Aug 12, 2005 12:38 am
Location: Sydney - Australia
Contact:

Re: How to enable SSL when connect to MySQL

Post by brad » Fri Nov 07, 2008 7:58 pm

How much more secure is connecting to a service running on the same server?
Brad Baker
https://xyzuluhosting.com
https://www.joomlatutorials.com <-- Joomla Help & Tutorials

User avatar
adamos46
Joomla! Explorer
Joomla! Explorer
Posts: 275
Joined: Sat Apr 26, 2008 6:05 am
Location: New Jersey

Re: How to enable SSL when connect to MySQL

Post by adamos46 » Fri Nov 07, 2008 11:55 pm

You have securosis like many members here. Trying to protect non-sense objects.

Read this, it will give you a brief answer. http://securosis.com/2008/02/12/introdu ... ncryption/ <- it talks about database encryption but it gives you an idea of the attacks that happen in the application layer from malicious users through sql injection.

Storm@raider
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 119
Joined: Sat Jan 20, 2007 5:02 pm
Location: Thailand

Re: How to enable SSL when connect to MySQL

Post by Storm@raider » Sat Nov 08, 2008 6:18 am

Our company have policy to encrypt all connection, Althought mysql is in the same machine. Or do you think in not necessary to encrypt if in the same machine? Is it possible to hack if it in the same machine?

For database encryption. I think it differenct, for database, I need to encrypt only password, which already encrypted. So I need encrypt only connection to MySQL. This is the remain point which still insecure.

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: How to enable SSL when connect to MySQL

Post by Tonie » Sat Nov 08, 2008 8:57 am

SSL is meant to encrypt connection data between a server and a client, so nobody can sniff the traffic between them. If the database and the webserver and on the same physical/virtual server, no communication between the two is going over any network so data can't be sniffed. This effectively renders using SSL useless.

Storm@raider
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 119
Joined: Sat Jan 20, 2007 5:02 pm
Location: Thailand

Re: How to enable SSL when connect to MySQL

Post by Storm@raider » Sat Nov 08, 2008 9:38 am

OK. I understood. No need to use SSL with MySQL in case it in the same machine with Apache.

But some server has seperate Apache and MySQL. Any idea how to use SSL in this case?

User avatar
adamos46
Joomla! Explorer
Joomla! Explorer
Posts: 275
Joined: Sat Apr 26, 2008 6:05 am
Location: New Jersey

Re: How to enable SSL when connect to MySQL

Post by adamos46 » Sat Nov 08, 2008 9:56 am

http://dev.mysql.com/doc/refman/5.0/en/ ... tions.html
Note: You will get a performance hit because of the encryption.

Storm@raider
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 119
Joined: Sat Jan 20, 2007 5:02 pm
Location: Thailand

Re: How to enable SSL when connect to MySQL

Post by Storm@raider » Sat Nov 08, 2008 10:56 am

I found this but not sure how to edit joomla code

http://th.php.net/manual/en/mysqli.ssl-set.php

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: How to enable SSL when connect to MySQL

Post by Tonie » Sat Nov 08, 2008 3:18 pm

It will be a core hack, since Joomla! doesn't do this out of the box. You're probably pretty much on your own here if somebody doesn't have any good ideas here.


Locked

Return to “Security in Joomla! 1.5”