RE: [PHP] Secure MySQL connections in PHP with 'stunnel'
My suggestion, if you just want to move data between the 2 servers, is to mysqldump to a file, scp the file to the destination server and then mysql filename to get it into the second server. You can't do it under programmatic control but it will work and your data will remain secure in transport. =C= * * Cal Evans * Journeyman Programmer * Techno-Mage * http://www.calevans.com * -Original Message- From: Stefen Lars [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 10:24 AM To: [EMAIL PROTECTED] Subject: [PHP] Secure MySQL connections in PHP with 'stunnel' Hello all I have written a very simple PHP script to copy the data from one MySQL database table on SERVERA to another MySQL database table on SERVERB. Using PHP, I simply connect to each server and copy the data across. That works well. However, natively, MySQL works with clear text. i.e. the data is copied across the Internet in clear text (a bad thing). I would now like encrypt the MySQL data between SERVERA and SERVERB. After searching with Google, I see that stunnel is a tool to use. However, I have been trying with no avail to create an encrypted connection between the two servers from MySQL to work. Following the instructions at: http://www.zataz.net/php-stunnel-tuneling.php I have come up with the following: SERVERA (master) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERA:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 SERVERB (slave) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERB:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 This does not work. When I connect to the slave with: ?PHP $db_link = mysql_connect(SERVERB:3308, User, Pwd) or die(Cannot connect to db); mysql_select_db(DBNAME,$db_link) or die(Cannot select MASTER db\n); ? and select / insert data into SERVERB, the data is selected / inserted to the database on SERVERA. This is very strange. Has anyone else tried using stunnel to achieve what I want to do? If so, I would REALLY like to hear how you achieve the encrypted link. Or are there other ways of securely coping data from one MySQL server to another? Using stunnel seems rather fiddly Any comments on this subject will be well received. Stefen _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure MySQL connections in PHP with 'stunnel'
Thank you Carl, for your suggestion. You are correct. In this case, it would be possible to use mysqldump to create a file, then SSH to transfer it and then pipe it into the database. However, I am interested in learning how to connect directly to the MySQL port, as in a second step of the project I am working on, various data from various servers will be handled. The 'dump to a file' approach, while fine in my little example below, will no longer be manageable in step two. Do you have any experience with stunnel or indeed, any other method of securely transferring data between 2 MySQL servers?? Stefen From: Cal Evans [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Stefen Lars [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [PHP] Secure MySQL connections in PHP with 'stunnel' Date: Mon, 29 Apr 2002 10:31:00 -0500 My suggestion, if you just want to move data between the 2 servers, is to mysqldump to a file, scp the file to the destination server and then mysql filename to get it into the second server. You can't do it under programmatic control but it will work and your data will remain secure in transport. =C= * * Cal Evans * Journeyman Programmer * Techno-Mage * http://www.calevans.com * -Original Message- From: Stefen Lars [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 10:24 AM To: [EMAIL PROTECTED] Subject: [PHP] Secure MySQL connections in PHP with 'stunnel' Hello all I have written a very simple PHP script to copy the data from one MySQL database table on SERVERA to another MySQL database table on SERVERB. Using PHP, I simply connect to each server and copy the data across. That works well. However, natively, MySQL works with clear text. i.e. the data is copied across the Internet in clear text (a bad thing). I would now like encrypt the MySQL data between SERVERA and SERVERB. After searching with Google, I see that stunnel is a tool to use. However, I have been trying with no avail to create an encrypted connection between the two servers from MySQL to work. Following the instructions at: http://www.zataz.net/php-stunnel-tuneling.php I have come up with the following: SERVERA (master) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERA:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 SERVERB (slave) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERB:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 This does not work. When I connect to the slave with: ?PHP $db_link = mysql_connect(SERVERB:3308, User, Pwd) or die(Cannot connect to db); mysql_select_db(DBNAME,$db_link) or die(Cannot select MASTER db\n); ? and select / insert data into SERVERB, the data is selected / inserted to the database on SERVERA. This is very strange. Has anyone else tried using stunnel to achieve what I want to do? If so, I would REALLY like to hear how you achieve the encrypted link. Or are there other ways of securely coping data from one MySQL server to another? Using stunnel seems rather fiddly Any comments on this subject will be well received. Stefen _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure MySQL connections in PHP with 'stunnel'
You may also look at SSH port forwarding, this allows you to create an encrypted tunnel between the two machines, then you connect to the local port, the data gets encrypted sent across the wire and decrypted at the destination. Look at -L in your ssh man or search google for ssh tunneling stunnel is nice because you don't have to leave an ssh connection open. Checkout http://www.commandprompt.com/ppbook/index.lxp?lxpwrap=x16230%2ehtm#USINGSTUN NELREMOTELY for more info on configuring stunnel, the reference is for PostgreSQL but the stunnel part is not db dependant. Jason -Original Message- From: Stefen Lars [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 9:24 AM To: [EMAIL PROTECTED] Subject: [PHP] Secure MySQL connections in PHP with 'stunnel' Hello all I have written a very simple PHP script to copy the data from one MySQL database table on SERVERA to another MySQL database table on SERVERB. Using PHP, I simply connect to each server and copy the data across. That works well. However, natively, MySQL works with clear text. i.e. the data is copied across the Internet in clear text (a bad thing). I would now like encrypt the MySQL data between SERVERA and SERVERB. After searching with Google, I see that stunnel is a tool to use. However, I have been trying with no avail to create an encrypted connection between the two servers from MySQL to work. Following the instructions at: http://www.zataz.net/php-stunnel-tuneling.php I have come up with the following: SERVERA (master) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERA:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 SERVERB (slave) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERB:3307 /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 This does not work. When I connect to the slave with: ?PHP $db_link = mysql_connect(SERVERB:3308, User, Pwd) or die(Cannot connect to db); mysql_select_db(DBNAME,$db_link) or die(Cannot select MASTER db\n); ? and select / insert data into SERVERB, the data is selected / inserted to the database on SERVERA. This is very strange. Has anyone else tried using stunnel to achieve what I want to do? If so, I would REALLY like to hear how you achieve the encrypted link. Or are there other ways of securely coping data from one MySQL server to another? Using stunnel seems rather fiddly... Any comments on this subject will be well received. Stefen _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure MySQL connections in PHP with 'stunnel'
On Mon, 29 Apr 2002, Stefen Lars wrote: However, I am interested in learning how to connect directly to the MySQL port, as in a second step of the project I am working on, various data from various servers will be handled. The 'dump to a file' approach, while fine in my little example below, will no longer be manageable in step two. Hi, AFAIK MySQL 4.x.x (alpha) has support for SSL, but I guess the PHP mysql extension won't have it until MySQL 4.x.x is stable (?). Anyway, since the people from MySQL are pushing the use of 4.x.x, it'd be cool if PHP adds this SSL support :) Regards, Rodolfo. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Secure MySQL connections in PHP with 'stunnel'
At 11:48 AM -0400 29/4/02, SHEETS,JASON (Non-HP-Boise,ex1) wrote: SERVERA (master) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERA:3307 Shouldn't this end with -r SERVERB:3307 i.e. you listen on port local:3308 and forward to SERVERB:3307 SERVERB then listens to local:3307 and forwards to local:3306. /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 SERVERB (slave) /usr/local/sbin/stunnel -f -P/tmp/ -c -d 3308 -r SERVERB:3307 And ditto. /usr/local/sbin/stunnel -f -P/tmp/ -p /usr/local/ssl/certs/stunnel.pem -d 3307 -r 3306 ...R. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
