I have 2 Windows 2003 servers. One is running IIS with Microsoft's FastCGI extension and PHP. The other server is running MySQL 5.1. I want to setup some PHP applications on the IIS Server and have them use databases on the second sever.
- What do I need to do to encrypt the network channel/protocol between the servers at the MySQL level?
- Is this a builtin feature with the free edition of MySQL, or do I need a paid version?
- Is the configuration the same if I migrated from a Windows server running MySQL to a Linux server?
I know I can use some other type of encryption and measures at lower levels in the network stack, but wanted to know what MySQL offers.
MySQL (the standard, Open Source edition) offers SSL encryption.
First, you want to see if it is enabled. You can do so by running the following from the mysql client:
If the value is 'YES', then you know that your version has it compiled in. If it says 'DISABLED', then you have it compiled in, but need to add the certificate info detailed below. If it says anything else, well, you need to get a version with it.
To enable it, you need to modify your my.cnf file so that it includes the following in the [mysqld] section:
Obviously, you'll need to change the values to whatever is appropriate. All of the certificates should be in the standard PEM format.
I'm not much of a PHP developer, but there should be a way to enable this in your connection call.
Mysql natively supports SSL here is the reference from the documentation. The tricky bit may be getting a version of PHP with a mysql driver that supports ssl. I am not sure, but the code may need to use mysqli* instead of mysql* or PDO.
MySQL binaries (which most of the Windows users install from) only support yaSSL which has some iffy support for Windows.
If you want to run this with SSL, you may need to either find a working yaSSL install for your version of Windows or run it Linux.