On Mar 10, 2010, at 3:50 PM, David Roth wrote: > When doing the following at the command-line or in a shell script on CentOS: > mysql -h domain.com -u login_account -pPASSWORD_GOES_HERE > Q: Is the password being sent "clear" over the internet? If so, is there a > way to do this securely? Thanks!
I've never connected to mysql over a public connection. I don't really feel safe having the mysql port open to the world. I'm not sure on the specifics of the password - not sure if there's some type of handshake between the server to send a token that the client then uses to encrypt the password before sending credentials to the server... but the rest of the connection would still be sent "clear" and I doubt you want that. You should use SSL or SSH. http://dev.mysql.com/doc/refman/5.1/en/secure-connections.html _______________________________________________ New York PHP Community MySQL SIG http://lists.nyphp.org/mailman/listinfo/mysql NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
