1

I have a form that users can fill out, and the data will be stored into a MySQL database using PHP. The connection to the Apache server is encrypted through HTTPS, and I would like to encrypt the connection to the MySQL database. Both Apache and MySQL are on the same server machine.

I digged around the Interweb and Stunnel seems to be what I need. OpenSSL and SSL are supported and activated on the server, since the we are given the option of using the standard port and a stunnel port to connect to the MySQL server. However, all the articles I found online deal with using Stunnel to connect a MySQL client to an external MySQL Server, but not how to use PHP to connect to a local MySQL server. Am I right to assume that just because the form is transmitted through https, it doesn't mean that the connection to the database is also encrypted?

The PHP code I use to connect to MySQL is like this:

$mysqli = new mysqli("ip","user", "password", "database", "standardport");

This works fine using the standardport. However, if I change it to a Stunnel Port, I get a connection time-out error. Clearly I'm missing something; any help and advice is appreciated! Thanks!

nubicurio
  • 165
  • 1
  • 2
  • 15
  • Are your databases encrypted in some way? You seem to be going to a lot of effort to protect the data as it is streamed, but if the DBMS + webserver are on the same machine, and the databases are not encrypted, someone could just read it straight from the disk. (I'm not saying this is a bad question, only that I think it is overkill to SSL tunnel your DBMS connection if it is on the same machine) – Leigh Jul 12 '12 at 07:25
  • No, the databases are not encrypted, and I agree with you that it is kind of paranoid to stunnel the connection. However, my university insists on it:( – nubicurio Jul 12 '12 at 07:31
  • It's pointless when it's on the same machine, maybe you can convince your university of this too. STunnel is for encryption between endpoints, between server A and server B, regardless of whatever infrastructure lies between them. If your university is worried about someone sniffing the connection `webserver <-> mysql` then sure, use STunnel **between** servers. All I have to sniff now is `webserver <-> stunnel-endpoint`, the data is still not encrypted until after it is already in the tunnel (i.e `stunnel-endpoint <-> stunnel-endpoint`), even `stunnel-endpoint <-> mysql` is unencrypted – Leigh Jul 12 '12 at 07:35
  • So STunnel may help to a certain degree for connections between 2 Servers, but is still not 100 percent secure? Hmm the Internet is really a dangerous place:( But even if it's an unnecessary exercise, what would be the correct syntax of using mysqli to establish an SSL connection? – nubicurio Jul 12 '12 at 07:47

1 Answers1

3

You've already stated that you use an HTTPS connection to encrypt traffic between the clients browser and your webserver, and that the webserver and MySQL instance are on the same machine.

Assmuning the HTTPS connection is secure, this should be all you need to protect your data over public networks, and using a secure tunnel for a connection that is only present on the local machine simply adds an unnecessary layer of complexity.

Consider the following examples.

The first is how the connection looks without a secure tunnel.

browser <--HTTPS--> [ webserver <--> mysql ]

So in this scenario, the the connection between the webserver and mysql is unencrypted. Someone who has access to the machine (depending on permissions) will be able to observe all traffic between the webserver and/or read the physical databases from disk themselves.

Now, with a secure tunnel

[ webserver <--> stunnel <--ENCRYPTED--> stunnel <--> mysql ]

I hope you can see that the connections between the webserver and one secure tunnel endpoint, and the connection between mysql and the other endpoint are both unencrypted. In this scenario, exactly the same as before, someone with access to the machine could potentially see all traffic and read the databases from disk.

No additional security has been achieved.

Lastly

[ webserver <--> stunnel ] <--ENCRYPTED--> [ stunnel <--> mysql ]

When you are using two separate servers, then the local traffic is still unencrypted, however stunnel secures the stream between the two machines. Someone with local access to the machines may still be able to observe traffic and read data, however someone observing network traffic between servers will not.

A solution?

All that said, if you really want to encrypt the traffic between PHP and MySQL, even on the same machine, a slightly better solution exists than using stunnel.

MySQL supports SSL natively, as does PHP when both are compiled with SSL support. (Your installations may already be configured this way, it's up to you to check them)

The MySQL manual details how to configure your MySQL server with SSL support and PHP provides the function mysqli_ssl_set

Using this combination, you can natively encrypt the connection between PHP and the mysql server.

[ webserver <--ENCRYPTYED --> mysql ]

However someone with access to the machine may still be able to read the unencrypted database from disk, and may be able to observe the memory of running processes.

You are quite right, the internet is a dangerous place, and proper security is essential. If your server itself and the data it contains are not secure, all is lost, no matter what precautions you take securing how the data enters and leaves it.

Leigh
  • 12,859
  • 3
  • 39
  • 60