
4.5.7.4 SSL GRANT Options

If you need to administer MySQL, this article gets you off to a good start. In this section, we discuss MySQL user account management. The fourth of a multi-part series, it is excerpted from chapter four of the book MySQL Administrator's Guide, written by Paul Dubois (Sams; ISBN: 0672326345).

By: Sams Publishing
June 15, 2006


MySQL can check X509 certificate attributes in addition to the usual authentication that is based on the username and password. To specify SSL-related options for a MySQL account, use the REQUIRE clause of the GRANT statement, as described in the MySQL Language Reference.
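The REQUIRE variants side by side, as an added example that is not from the book. The account names, the database `app_db`, the passwords and the certificate DNs are constructed placeholders, and the syntax is the GRANT form used by the MySQL versions this chapter covers.

```sql
-- Added example; every account, host, password and DN below is a
-- constructed placeholder.

-- 1. REQUIRE SSL: the session must be encrypted, but the client does not
--    have to present a certificate.
GRANT SELECT ON app_db.* TO 'report'@'%.example.com'
  IDENTIFIED BY 'change-me-1'
  REQUIRE SSL;

-- 2. REQUIRE X509: the client must present a certificate that the server
--    can verify against its trusted CAs; the certificate's attributes
--    are not examined further.
GRANT SELECT, INSERT ON app_db.* TO 'loader'@'%.example.com'
  IDENTIFIED BY 'change-me-2'
  REQUIRE X509;

-- 3. Attribute checks: the certificate must come from one specific
--    issuer, carry one specific subject, and the session must use the
--    named cipher. The DN strings must match the certificate exactly.
GRANT ALL PRIVILEGES ON app_db.* TO 'dba'@'10.0.0.5'
  IDENTIFIED BY 'change-me-3'
  REQUIRE ISSUER  '/C=US/O=Example Corp/CN=Example Internal CA'
      AND SUBJECT '/C=US/O=Example Corp/CN=dba-workstation'
      AND CIPHER  'DHE-RSA-AES256-SHA';

-- Confirm what was recorded for the account; the REQUIRE clause is
-- shown as part of the grant on *.*.
SHOW GRANTS FOR 'dba'@'10.0.0.5';
```

The username and password are still checked in all three cases; the REQUIRE clause adds conditions on top of them.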

4.5.7.5 SSL Command-Line Options

The following list describes options that are used for specifying the use of SSL, certificate files, and key files. These options are available beginning with MySQL 4.0. They may be given on the command line or in an option file.

--ssl

For the server, this option specifies that the server allows SSL connections. For a client program, it allows the client to connect to the server using SSL. This option is not sufficient in itself to cause an SSL connection to be used. You must also specify the --ssl-ca, --ssl-cert, and --ssl-key options.

This option is more often used in its opposite form to indicate that SSL should not be used. To do this, specify the option as --skip-ssl or --ssl=0.

Note that use of --ssl doesn't require an SSL connection. For example, if the server or client is compiled without SSL support, a normal unencrypted connection will be used.

The secure way to ensure that an SSL connection will be used is to create an account on the server that includes a REQUIRE SSL clause in the GRANT statement. Then use this account to connect to the server, with both a server and client that have SSL support enabled.

--ssl-ca=file_name

The path to a file with a list of trusted SSL CAs.

--ssl-capath=directory_name

The path to a directory that contains trusted SSL CA certificates in PEM format.

--ssl-cert=file_name

The name of the SSL certificate file to use for establishing a secure connection.

--ssl-cipher=cipher_list

A list of allowable ciphers to use for SSL encryption. cipher_list has the same format as the openssl ciphers command.

Example: --ssl-cipher=ALL:-AES:-EXP

--ssl-key=file_name

The name of the SSL key file to use for establishing a secure connection.
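Because `--ssl` by itself can leave a session unencrypted, the checks below confirm what a connection actually negotiated and list the accounts that no REQUIRE clause protects. This is an added example, not from the book; it relies on the `have_openssl` system variable, the `Ssl_cipher` status variable and the SSL columns of the `mysql.user` table.

```sql
-- Added example: run these from the session you want to verify.

-- Was the server built with SSL support, and is it active?
-- Value is YES, NO, or DISABLED (compiled in but not started with
-- usable SSL options).
SHOW VARIABLES LIKE 'have_openssl';

-- Is THIS session encrypted? An empty Value means the connection is
-- in cleartext, whatever options the client was started with.
SHOW STATUS LIKE 'Ssl_cipher';

-- Accounts that may connect without encryption: an empty ssl_type
-- means the account was created without any REQUIRE clause.
SELECT User, Host
FROM mysql.user
WHERE ssl_type = ''
ORDER BY User, Host;

-- Accounts that do carry a requirement, and what is checked.
-- ssl_type: ANY = REQUIRE SSL, X509 = REQUIRE X509,
--           SPECIFIED = ISSUER / SUBJECT / CIPHER conditions.
SELECT User, Host, ssl_type, ssl_cipher, x509_issuer, x509_subject
FROM mysql.user
WHERE ssl_type <> ''
ORDER BY User, Host;
```

Reading `mysql.user` needs SELECT privilege on the `mysql` database, so the two account queries are for an administrative login.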

4.5.7.6 Connecting to MySQL Remotely from Windows with SSH

Here is a note about how to get a secure connection to a remote MySQL server with SSH (by David Carlson dcarlson@mplcomm.com):

Install an SSH client on your Windows machine. As a user, the best non-free one I've found is SecureCRT from http://www.vandyke.com/. Another option is f-secure from http://www.f-secure.com/. You can also find some free ones on Google at http://directory.google.com/Top/Computers/Security/Products_and_Tools/Cryptography/SSH/Clients/Windows/.

Start your Windows SSH client. Set Host_Name = yourmysqlserver_URL_or_IP. Set userid=your_userid to log in to your server. This userid value may not be the same as the username of your MySQL account.

Set up port forwarding. Either do a remote forward (Set local_port: 3306, remote_host: yourmysqlservername_or_ip, remote_port: 3306) or a local forward (Set port: 3306, host: localhost, remote port: 3306).

Save everything, otherwise you'll have to redo it the next time.

Log in to your server with the SSH session you just created.

On your Windows machine, start some ODBC application (such as Access).

Create a new file in Windows and link to MySQL using the ODBC driver the same way you normally do, except type in localhost for the MySQL host server, not yourmysqlservername.

You should now have an ODBC connection to MySQL, encrypted using SSH.

Please check back next week for the continuation of this article.