Hi, I am currently having trouble understanding how secure mysql connections work in php? I have done a lot of searching on using SSL with mysql but can't seem to find what I am looking for. I am working on a project that will require some user information to be saved to DB, address, telephone number and DOB. I will be hosting the form page that captures this data on https:// server space so as I understand the page should be sent to the browser encrypted? When the user hits submit, assuming the form validates okay I then want to store the values in the mysql DB. Am I right in assuming that even if my php file that contains the code to insert the values is also stored on the https server space, the actual data itself will not be sent to my database server in encrypted form?
If this is the case, how would I best go about ensuring that personal data is encrypted on inserting to / retrieving from the DB? Are there any parameters that must be set in the database, either by myself or my hosting provider, or is there a more secure mysql_connect()?
Kind thanks for any help
Secure MySQL Connections
- kaisellgren
Re: Secure MySQL Connections
A secure MySQL connection (via SSL) is only useful if the data between PHP and MySQL goes through some untrusted networks like the Internet. In many cases the MySQL server is on the same machine as the HTTPD/PHP, so there's no reason to use SSL for the connection. Some bigger sites have to use many MySQL servers that are all on their own machines, but still it's often unnecessary to use SSL if the data never leaves the Intranet. If you enable the "allow remote connections" option in MySQL, then you should use SSL.
Note that secure MySQL connections only encrypt the transmissions, not the content. So, the data will remain in plain-text on the database even if you use SSL.
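The two layers discussed in this thread, as an added example that is not part of the original posts: a mysqli connection that refuses to continue unless the session is encrypted, and a field encrypted in PHP so it is not stored as plain text. It uses mysqli because the mysql_* functions were removed in PHP 7; the host, credentials, CA path, environment variable names, table and column names are all placeholders, and the `phone_enc` column is assumed to be a binary type.

```php
<?php
// Added example. Host, credentials, CA path, table and column names are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any DB error

function connectOverTls(string $host, string $user, string $pass, string $dbName, string $caFile): mysqli
{
    $db = mysqli_init();
    // Only the CA bundle is supplied (no client key or certificate).
    $db->ssl_set(null, null, $caFile, null, null);
    $db->real_connect($host, $user, $pass, $dbName, 3306, null, MYSQLI_CLIENT_SSL);

    // An empty Ssl_cipher means the session is not encrypted; refuse to continue.
    $row = $db->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if (empty($row['Value'])) {
        $db->close();
        throw new RuntimeException('MySQL session is not using TLS');
    }
    return $db;
}

// TLS protects the data in transit only. To keep a column unreadable at rest,
// encrypt it in PHP before the INSERT (libsodium secretbox, PHP 7.2+).
function encryptField(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

function decryptField(string $stored, string $key): string
{
    $nonce = substr($stored, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($stored, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Stored value failed authentication');
    }
    return $plain;
}

// Constructed usage: the key comes from the environment, never from the database.
$key = base64_decode(getenv('FIELD_KEY') ?: '', true);
if ($key !== false && strlen($key) === SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
    $db = connectOverTls('db.example.com', 'app_user', getenv('DB_PASS') ?: '', 'app', '/etc/ssl/certs/mysql-ca.pem');
    $stmt = $db->prepare('INSERT INTO customers (name, phone_enc) VALUES (?, ?)');
    $name = 'Test User';                                // constructed sample value
    $phoneEnc = encryptField('+358 40 000 0000', $key); // constructed sample value
    $stmt->bind_param('ss', $name, $phoneEnc);
    $stmt->execute();
}
```

Reading the value back goes through `decryptField()` with the same key, so the key has to be stored somewhere the database server cannot read it.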