On Thu January 1 2009, Michael S. Zick wrote: > http://dev.mysql.com/doc/refman/5.1/en/grant.html
> On Thu January 1 2009, Edward Diener wrote: > > Perhaps your seeing this shows why I was at least nominally concerned > > about the MySQL client having its own public key-private key > > certificates. I have tried to find out what actual use the client's > > public key-private key has in MySQL, from either the client or the > > server's point of view, but to no avail since no one involved with MySQL > > answers questions about SSL and the documentation that comes with MySQL > > does not explain the use MySQL may have for the client certs. > > > > Evidently the only way to get any answers about MySQL and SSL is to pay > > Sun for the Enterprise version rather than use the free version. My > > employer is considering this. > > > > Ah, but Google knows the answer. ;) (Try the on-line Reference Manual) > > [quoting 5.5.7.1] > As for using certificates to replace passwords, yes, it can be done. > Following the instructions in the Mysql documentation for GRANT options, do > something like the following: > GRANT SELECT, INSERT, UPDATE ON database.* TO new_user@'hostname' REQUIRE > X509; > [/quote] > > Although not clear there, digging deeper finds that it is the "REQUIRE X509" > option > that makes the client side certificate required. There are other options > which do > not; I did not run those references down myself. > > To increase the confusion, the reference manual on setting up SSL (using > openSSL) > gayly trips right along and has the reader create the _client side_ key pair > - - > > Rhetorical: > What part of "Private" do the reference manual authors not understand? > > So I would suggest digging into the MySQL documentation, find "GRANT" options > that > give you the control you want and possibly even skip the entire question of > client-side things to hide from the client. ;) > > Mike > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
