Remote MySQL using SSL?


#1

Hello everyone!

I am looking for a hosting plan that will allow me to connect to a MySQL database on a web server using a remote MySQL connection secured using SSL.

Is there a DreamHost plan that I can purchase that would allow me to do this? Possibly using a VPS as I doubt anyone is offering a shared hosting plan that would have this feature. I know GoDaddy does not offer remote MySQL SSL at all.

Can anyone on here give me some advice on the kind of plan I need to accomplish this?

Thanks!


#2

Remote database connectivity is configurable – even on shared! :)


#3

Not with SSL, though. We don’t have SSL enabled on our MySQL servers, because 1) nobody’s asked for it, and most common web applications don’t support it; 2) establishing an SSL connection is a significant burden on the server, which could possibly lead to some security issues; and 3) configuring it to operate securely would require a considerable amount of public-key infrastructure which we don’t currently have.

Keep in mind that the connection overhead of MySQL SSL makes it essentially unusable for web applications — it wouldn’t be usable for that anyway. If all you need is a secure connection for GUI tools, you can set up an SSH tunnel for MySQL traffic through a shell user on our servers; for details and instructions, see: http://wiki.dreamhost.com/MySQL#Connecting_using_SSH


#4

Yeah, it’s a pain. They don’t offer it on the super duper private MySQL VPS setup either. You have a couple of options:

  1. Run your own MySQL server on your web host VPS and configure it however you like. If you have data that you think you only trust over SSL already, then you probably shouldn’t be on the shared service. If you run MySQL on your local web server VPS localhost, then you don’t need SSL. Still, plenty of downsides having to support this and manage backups scaling … might be better to go for another provider if you are big enough to need a cluster type solution.

  2. The tunnel approach. Check out autossh; it’s an apt-get package on most systems. So say you have a remote host somewhere that you need to ssh into your DreamHost shared MySQL server. You set up an account on your VPS with no rights, call it sshtunnel, and you allow that VPS to connect to your DreamHost DB.

Then you do something like

autossh sshtunnel@myVPS.com -L 3306:mysql.dreamhost.com:3306 -i privatekey-for-tunnel-account.pem

Basically you’re bringing up a permanent tunnel between you and your VPS, but it’s still not encrypted between your VPS and the DreamHost MySQL server internal network.
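One way to make the "account with no rights" from post #4 concrete, as an added example that is not part of the original posts: an OpenSSH server configuration on the VPS that limits the sshtunnel user to a single local forward. It assumes OpenSSH on the VPS and a local (-L) forward from the client; the host name mysql.dreamhost.com and the key file name are placeholders.

```conf
# /etc/ssh/sshd_config on the VPS (OpenSSH server).
# Restricts the tunnel account so a stolen key can do nothing except
# open the one forward to the database host.
Match User sshtunnel
    # Key-based login only for this account.
    PasswordAuthentication no
    AuthenticationMethods publickey

    # No interactive use: no terminal, no agent, no X11, no real command.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    ForceCommand /bin/false

    # Allow client-initiated (-L) forwards only, and only to this target.
    # Remote (-R) forwards are refused by "local".
    AllowTcpForwarding local
    PermitOpen mysql.dreamhost.com:3306
    GatewayPorts no

# Matching client invocation (run on the remote host, shown as a comment
# because it is a shell command, not sshd configuration):
#
#   autossh -M 0 -N \
#     -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
#     -o ExitOnForwardFailure=yes \
#     -L 127.0.0.1:3306:mysql.dreamhost.com:3306 \
#     -i <private-key-for-tunnel-account> sshtunnel@myVPS.com
#
# -N            open no remote command, so ForceCommand is never reached
# -M 0          disable autossh's monitor port; rely on ServerAlive* instead
# 127.0.0.1:    bind the forwarded port to loopback on the client only
#
# The client-to-VPS leg is encrypted by SSH. The VPS-to-MySQL leg is a
# plain MySQL connection, which is the gap post #4 points out.
```

After editing, `sshd -t` checks the file for syntax errors before the service is reloaded.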