I'm setting up a local webapp. I have a CentOS-5 box that will be the webserver (Apache 2.2). I have another box (RHEL5) that will be used only for MySQL.
The data will be encrypted on the webserver via PHP before being sent to the MySQL box and inserted into the db. All web-based connections to the webserver will be encrypted via SSL.
From the research I've done, it's not totally clear whether or not there is a need to encrypt the connection to the db from the webserver (NB paranoia level: Orange).
If it is not overkill, or even if it is (unless it is a really bad idea for some reason), any advice or pointers on the direction to take to get this done would be appreciated.
Stunnel
I wouldn't consider it overkill and would consider it well advised. Nevertheless, it is not a replacement for proper network segmentation.
While stunnel is a perfectly acceptable solution, you might have better luck using MySQL's native SSL support.
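As an added example that is not part of any answer above, this is one way the PHP side can use MySQL's native SSL support and refuse to continue if the session did not actually negotiate encryption. The host name, account name, IP address and certificate paths are assumptions chosen for illustration, and the server-side settings in the comments are assumed to be in place already.

```php
<?php
// Added example; every host name, account, IP and path here is an assumption.
//
// Assumed server side (MySQL box), in /etc/my.cnf under [mysqld]:
//   ssl-ca=/etc/mysql-ssl/ca-cert.pem
//   ssl-cert=/etc/mysql-ssl/server-cert.pem
//   ssl-key=/etc/mysql-ssl/server-key.pem
// and the web app's account restricted so the server rejects plaintext logins:
//   GRANT USAGE ON *.* TO 'webapp'@'192.0.2.10' REQUIRE SSL;

function connect_db_over_ssl($host, $user, $pass, $db, $caFile)
{
    $link = mysqli_init();

    // Arguments: key, cert, CA file, CA path, cipher list.
    // Only the CA file is needed when the client does not present its own certificate.
    mysqli_ssl_set($link, null, null, $caFile, null, null);

    if (!mysqli_real_connect($link, $host, $user, $pass, $db, 3306, null, MYSQLI_CLIENT_SSL)) {
        throw new RuntimeException('MySQL connect failed: ' . mysqli_connect_error());
    }

    // Fail closed: Ssl_cipher is an empty string on an unencrypted session.
    $res = mysqli_query($link, "SHOW SESSION STATUS LIKE 'Ssl_cipher'");
    $row = $res ? mysqli_fetch_row($res) : null;
    if (!$row || $row[1] === '') {
        mysqli_close($link);
        throw new RuntimeException('Connection to MySQL is not encrypted; refusing to continue');
    }

    return array($link, $row[1]); // connection handle and negotiated cipher name
}

// Usage (constructed values): password is read from the environment, not hard-coded.
list($db, $cipher) = connect_db_over_ssl(
    'db.internal.example', 'webapp', getenv('WEBAPP_DB_PASS'), 'appdb',
    '/etc/mysql-ssl/ca-cert.pem'
);
error_log("MySQL session encrypted with $cipher");
```

The `REQUIRE SSL` grant enforces encryption on the server, while the `Ssl_cipher` check catches a client-side misconfiguration before any data is sent.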