On 8/9/2010 5:27 PM, Yves Goergen wrote:
Does anybody know how to use SSL-secured connections to a MySQL server?
Has anybody done that at all?

In the manual I have now found the following statement:

http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html
Note that use of --ssl does not require an SSL connection. For
example, if the server or client is compiled without SSL support, a
normal unencrypted connection is used.

What's that supposed to mean? If there's no way to force the connection
into SSL, it is entirely useless. Anyone on the wire could simply
pretend that the server doesn't support SSL and so deny the encryption
and the client wouldn't even care...

I don't want to use REQUIRE SSL for an account that is regularly used
locally and doesn't need SSL. SSL should really be selected by the
client per connection when connecting from some other untrusted network.
The whole SSL thing looks pretty unfinished like that.


If you don't want to require SSL on the local connections then don't set the flag on the @localhost account.

If you want the SSL required on the other connections, then set it on the @'...' version of the account that the remote users log in through.

All MySQL accounts are tripartite. They consist of: 1) a login (user), 2) a host designation (or wildcard pattern), and 3) a password. Use that host portion of the account to make the distinction between local and remote logins.

More about how the MySQL authentication works is available in the manual:
http://dev.mysql.com/doc/refman/5.1/en/user-account-management.html

--
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc.
Office: Blountville, TN

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql?unsub=arch...@jab.org
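
The account split described in the reply above, as an added example that is not part of the original thread: the same login exists once per host designation, and only the remote one carries the server-side SSL requirement. The names `appuser` and `appdb`, the `%` host pattern and the password are placeholders chosen for illustration.

```sql
-- Added example; 'appuser', 'appdb' and the password are placeholders.
-- Syntax follows the MySQL 5.1 manual the thread links to; later releases
-- set the same attribute with CREATE USER / ALTER USER ... REQUIRE SSL.

-- Local logins: this row matches connections made from the server itself
-- and carries no SSL requirement.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
    TO 'appuser'@'localhost' IDENTIFIED BY 'change-me'
    REQUIRE NONE;

-- Remote logins: any other host matches the wildcard row. REQUIRE SSL is
-- enforced by the server, so a client that connects without encryption
-- (whether or not it passed --ssl) is refused for this account.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.*
    TO 'appuser'@'%' IDENTIFIED BY 'change-me'
    REQUIRE SSL;

-- Review which host rows of the login carry an SSL requirement.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE user = 'appuser'
 ORDER BY host;

-- Run inside a remote session to see the cipher negotiated for it.
SHOW STATUS LIKE 'Ssl_cipher';
```

The server picks the most specific matching host row first, so a connection from the server host uses the `@'localhost'` account and everything else falls through to `@'%'`. An empty `Ssl_cipher` value means the current session is not encrypted.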