andye has asked for the wisdom of the Perl Monks concerning the following question:

Hi folks,

So, I'm doing a DBI connect() to a MySQL database Away Across The Net, and I'd prefer not to send the password en clair.

Is there a standard way of encrypting a connect()? Suggestions welcome.

If this is documented somewhere, then I apologise, and please just point me to the documentation.

Cheers, andye.

Re: Encrypted DBI connect()
by Abigail-II (Bishop) on Jul 22, 2002 at 12:54 UTC
    From the MySQL documentation:
    Do not transmit plain (unencrypted) data over the Internet. These data are accessible to everyone who has the time and ability to intercept it and use it for their own purposes. Instead, use an encrypted protocol such as SSL or SSH. MySQL supports internal SSL connections as of Version 3.23.9. SSH port-forwarding can be used to create an encrypted (and compressed) tunnel for the communication.

    Abigail

Re: Encrypted DBI connect()
by kodo (Hermit) on Jul 22, 2002 at 11:09 UTC
    People use SSH today mostly to encrypt connections. You'll have to use a "tunnel" that you use to deliver data from one host to the other one. This is pretty easy to set up, but I've used it for FTP only in the past so I don't know if there may be some issues with DBI/MySQL...

    giant
Re: Encrypted DBI connect()
by dsalada (Scribe) on Jul 22, 2002 at 12:47 UTC
    I know this isn't a Perl solution nor does it allow for a change from MySQL to another database, but MySQL does allow for SSL connections. I've never used it, but more info can be found at the MySQL site here.
      dsalada,

      Thanks very much for your help. I hadn't realised that MySQL could do SSL natively - now I've found the 'mysql_ssl' flags in the DBD::MySQL documentation, which look as though they'll do exactly what I need.

      Many thanks, to you and to everyone else who replied.
      andye.
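
The `mysql_ssl` DSN options mentioned in the reply above, shown as an added example that is not code from the original thread: it connects with TLS, asks the server which cipher the session negotiated, and refuses to continue if the answer is empty. The host, database, user, CA file path and the `DB_PASSWORD` environment variable are placeholder assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Placeholder values (assumptions): replace with your own host, schema, account and CA file.
my %cfg = (
    host     => 'db.example.com',
    database => 'appdb',
    user     => 'appuser',
    ca_file  => '/etc/ssl/certs/db-ca.pem',
);

# Build a DSN that asks DBD::mysql for TLS and names the CA used to check the server certificate.
sub tls_dsn {
    my (%c) = @_;
    return join ';',
        "DBI:mysql:database=$c{database}",
        "host=$c{host}",
        'mysql_ssl=1',
        "mysql_ssl_ca_file=$c{ca_file}",
        'mysql_ssl_verify_server_cert=1';   # needs a DBD::mysql recent enough to support it
}

# Ask the server which cipher this session negotiated; an empty value means no TLS.
sub session_cipher {
    my ($dbh) = @_;
    my (undef, $cipher) = $dbh->selectrow_array(q{SHOW STATUS LIKE 'Ssl_cipher'});
    return $cipher // '';
}

# The password comes from the environment so it is not stored in the script.
my $password = $ENV{DB_PASSWORD} // die "Set DB_PASSWORD first\n";

my $dbh = DBI->connect(tls_dsn(%cfg), $cfg{user}, $password,
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Fail closed before running any application queries.
my $cipher = session_cipher($dbh);
if ($cipher eq '') {
    $dbh->disconnect;
    die "Connection to $cfg{host} is not encrypted; refusing to continue\n";
}
print "Connected to $cfg{host} over TLS, cipher $cipher\n";
$dbh->disconnect;
```

The `Ssl_cipher` check runs after authentication, so it guards the queries that follow rather than the login exchange itself.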

Re: Encrypted DBI connect()
by ehdonhon (Curate) on Jul 22, 2002 at 12:50 UTC

    As giant mentioned, the most universal way to encrypt your connection would be to tunnel your traffic and let some other application/layer worry about the encryption. But, that can also become messy (especially if you don't have admin rights on the machines you are using). You also then have to worry about monitoring some other application that has to be up whenever your perl program is running.

    Your only other option would be to find a database and client that supports encryption natively. For example, PostgreSQL can be built with the --with-ssl option. However, I found no mention of making SSL-based access in DBD::PG, so it probably isn't an option.