[UPHPU] Using Remote MySQL Services
Lonnie Olson
lists at kittypee.com
Mon Apr 14 17:39:55 MDT 2008
On Mon, 2008-04-14 at 11:59 -0600, Nathan Lane wrote:
> Is there any danger in connecting to remote MySQL services in a PHP
> application? For example are there queries or authentication passed along in
> an unencrypted manner that would be seen by the public when using a MySQL
> server in a different domain than the PHP application?
Yes there is a danger. All authentication, queries, and results are
unencrypted between MySQL Client (PHP) and Server.
That is... Unless you use SSL as Ray suggested. It is not usually
enabled by default, and takes some setup on both sides in order to use
it.
I suggest you read this great section of the Manual about using MySQL
over SSL.
http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html
--lonnie
More information about the UPHPU
mailing list