[PHP-DB] Connecting to remote db securely
I am writing a content management section for a site that will use as part of the front page three small sub-sections from another site's home page (with their permission, of course). They are worried about giving us the password to their database, where the information is stored, because we are on a different server and they are afraid someone could steal the password since it's being passed un-encrypted by our web server when we try to retrieve the info. Is this something to worry about? Is there a way around this? They suggested using IFrames to display the static information from their page, but this doesn't work with Netscape - at least version 4.7. Any other ideas? TIA, -Lisi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
Which DB? MySQL supports encrypted connections. On Mon, 25 Nov 2002, Lisi wrote: I am writing a content management section for a site that will use as part of the front page three small sub-sections from another site's home page (with their permission, of course). They are worried about giving us the password to their database, where the information is stored, because we are on a different server and they are afraid someone could steal the password since it's being passed un-encrypted by our web server when we try to retrieve the info. Is this something to worry about? Is there a way around this? They suggested using IFrames to display the static information from their page, but this doesn't work with Netscape - at least version 4.7. Any other ideas? TIA, -Lisi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
I didn't realize that, is this discussed in Paul DuBois' book? Or, can you point me to the function(s) on the mysql website I need to look at? Thanks, -Lisi At 12:09 AM 11/25/02 -0800, Rasmus Lerdorf wrote: Which DB? MySQL supports encrypted connections. On Mon, 25 Nov 2002, Lisi wrote: I am writing a content management section for a site that will use as part of the front page three small sub-sections from another site's home page (with their permission, of course). They are worried about giving us the password to their database, where the information is stored, because we are on a different server and they are afraid someone could steal the password since it's being passed un-encrypted by our web server when we try to retrieve the info. Is this something to worry about? Is there a way around this? They suggested using IFrames to display the static information from their page, but this doesn't work with Netscape - at least version 4.7. Any other ideas? TIA, -Lisi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
See php.net/mysql_connect The client_flags argument is the one you want, so you will need PHP 4.3 for it and MySQL 4.0.x. -Rasmus On Mon, 25 Nov 2002, Lisi wrote: I didn't realize that, is this discussed in Paul DuBois' book? Or, can you point me to the function(s) on the mysql website I need to look at? Thanks, -Lisi At 12:09 AM 11/25/02 -0800, Rasmus Lerdorf wrote: Which DB? MySQL supports encrypted connections. On Mon, 25 Nov 2002, Lisi wrote: I am writing a content management section for a site that will use as part of the front page three small sub-sections from another site's home page (with their permission, of course). They are worried about giving us the password to their database, where the information is stored, because we are on a different server and they are afraid someone could steal the password since it's being passed un-encrypted by our web server when we try to retrieve the info. Is this something to worry about? Is there a way around this? They suggested using IFrames to display the static information from their page, but this doesn't work with Netscape - at least version 4.7. Any other ideas? TIA, -Lisi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
I checked with phpinfo() and this is what I got: PHP Version 4.2.2 mysql - Client API version 3.23.51 Is there any secure way to connect using these versions? I am on a virtual host so there's not much I can do about upgrading. Also, does it matter which versions the server I am connecting to are running? -Lisi At 12:22 AM 11/25/02 -0800, Rasmus Lerdorf wrote: See php.net/mysql_connect The client_flags argument is the one you want, so you will need PHP 4.3 for it and MySQL 4.0.x. -Rasmus On Mon, 25 Nov 2002, Lisi wrote: I didn't realize that, is this discussed in Paul DuBois' book? Or, can you point me to the function(s) on the mysql website I need to look at? Thanks, -Lisi At 12:09 AM 11/25/02 -0800, Rasmus Lerdorf wrote: Which DB? MySQL supports encrypted connections. On Mon, 25 Nov 2002, Lisi wrote: I am writing a content management section for a site that will use as part of the front page three small sub-sections from another site's home page (with their permission, of course). They are worried about giving us the password to their database, where the information is stored, because we are on a different server and they are afraid someone could steal the password since it's being passed un-encrypted by our web server when we try to retrieve the info. Is this something to worry about? Is there a way around this? They suggested using IFrames to display the static information from their page, but this doesn't work with Netscape - at least version 4.7. Any other ideas? TIA, -Lisi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
Yup, only MySQL 4.0.x has SSL support. I suppose you could try to set up some sort of tunnel, but it might not be the most reliable thing in the world. On Mon, 25 Nov 2002, Lisi wrote: I checked with phpinfo() and this is what I got: PHP Version 4.2.2 mysql - Client API version 3.23.51 Is there any secure way to connect using these versions? I am on a virtual host so there's not much I can do about upgrading. Also, does it matter which versions the server I am connecting to are running? -Lisi At 12:22 AM 11/25/02 -0800, Rasmus Lerdorf wrote: See php.net/mysql_connect The client_flags argument is the one you want, so you will need PHP 4.3 for it and MySQL 4.0.x. -Rasmus On Mon, 25 Nov 2002, Lisi wrote: I didn't realize that, is this discussed in Paul DuBois' book? Or, can you point me to the function(s) on the mysql website I need to look at? Thanks, -Lisi At 12:09 AM 11/25/02 -0800, Rasmus Lerdorf wrote: Which DB? MySQL supports encrypted connections. On Mon, 25 Nov 2002, Lisi wrote: I am writing a content management section for a site that will use as part of the front page three small sub-sections from another site's home page (with their permission, of course). They are worried about giving us the password to their database, where the information is stored, because we are on a different server and they are afraid someone could steal the password since it's being passed un-encrypted by our web server when we try to retrieve the info. Is this something to worry about? Is there a way around this? They suggested using IFrames to display the static information from their page, but this doesn't work with Netscape - at least version 4.7. Any other ideas? TIA, -Lisi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
OK, then I'll throw this back to the list - any other ideas how I can get to their data without compromising their DB? I thought maybe about asking them to set up a separate DB with just the table I need, and sync it to those table in their main db, but it has to be a solution that involves the least amount of work on their end or it won't happen. Thanks, -Lisi At 01:27 AM 11/25/02 -0800, Rasmus Lerdorf wrote: Yup, only MySQL 4.0.x has SSL support. I suppose you could try to set up some sort of tunnel, but it might not be the most reliable thing in the world. On Mon, 25 Nov 2002, Lisi wrote: I checked with phpinfo() and this is what I got: PHP Version 4.2.2 mysql - Client API version 3.23.51 Is there any secure way to connect using these versions? I am on a virtual host so there's not much I can do about upgrading. Also, does it matter which versions the server I am connecting to are running? -Lisi At 12:22 AM 11/25/02 -0800, Rasmus Lerdorf wrote: See php.net/mysql_connect The client_flags argument is the one you want, so you will need PHP 4.3 for it and MySQL 4.0.x. -Rasmus On Mon, 25 Nov 2002, Lisi wrote: I didn't realize that, is this discussed in Paul DuBois' book? Or, can you point me to the function(s) on the mysql website I need to look at? Thanks, -Lisi At 12:09 AM 11/25/02 -0800, Rasmus Lerdorf wrote: Which DB? MySQL supports encrypted connections. On Mon, 25 Nov 2002, Lisi wrote: I am writing a content management section for a site that will use as part of the front page three small sub-sections from another site's home page (with their permission, of course). They are worried about giving us the password to their database, where the information is stored, because we are on a different server and they are afraid someone could steal the password since it's being passed un-encrypted by our web server when we try to retrieve the info. Is this something to worry about? Is there a way around this? They suggested using IFrames to display the static information from their page, but this doesn't work with Netscape - at least version 4.7. Any other ideas? TIA, -Lisi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
Hi, why don't you write a script which simply gets all the data you need out of their database and puts it into some arrays. then include the page on your website and then you can work with the arrays as if they were on your server HTH, Bastian -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
On Monday 25 November 2002 18:03, Lisi wrote: OK, then I'll throw this back to the list - any other ideas how I can get to their data without compromising their DB? I thought maybe about asking them to set up a separate DB with just the table I need, and sync it to those table in their main db, but it has to be a solution that involves the least amount of work on their end or it won't happen. To minimise any potential damage, ask them to give you a (mysql) user which only has select privileges on just the tables you need. That way even if others do get your user/pass they can only look but not touch. To tighten things further you can ask them to allow access only from _your_ host. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* When some people decide it's time for everyone to make big changes, it means that they want you to change first. */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Connecting to remote db securely
I didn't realize that, is this discussed in Paul DuBois' book? Or, can you =not book, but books! =MySQL (New Riders) discusses network access/security in Chap 12, but Jason's solution is also discussed in Chap 11. Unfortunately this book is getting a bit old when it comes to these more advanced topics. =I haven't managed to get my hot and sweaty paws on Cookbook (O'Reilly) yet, but have hope that recently introduced security/advanced features will be included... =Smile nicely and maybe Paul will give the new book a plug!? =dn -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php