P2GR/datamapper

SSL connection

BrainFeeder opened this issue · 3 comments

Hello, I've been using Datamapper for ages and I don't know if this is the active repo at the moment... but I am looking for a way to connect to the database through SSL (with European GDPR coming up).

Is there a simple way of implementing this? It would be nice if this could be done in the configs.

Datamapper uses the CodeIgniter DB connection, and I think you can configure that to encrypt the connection. I haven't used CI3 but it seems straightforward enough from the docs.

We are still using CI2. Server admin says it is safe enough as it is now... I trust him ^^

At least in MySQL, enabling (and also forcing) database connections to use SSL is a setting of the database itself... not the application (such as CI) connecting to the database.

Let me add some detail about best practices... at least that I follow. No remote root connections to db, only local (from host) root connections to db. Some people use SSL on local connections, I do not. Non-root connections CAN be made remotely and they MUST be forced to use SSL for security reasons. Password is not enough, in fact without SSL your password is sent in plaintext, very bad.

To get MySQL to use SSL I have to give it a path to credentials in my.cnf:

[mysqld]
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/server-cert.pem
ssl-key=/etc/mysql/certs/server-key.pem

[client]
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/client-cert.pem
ssl-key=/etc/mysql/certs/client-key.pem
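
As an added example (not code from this thread or from the Datamapper or CodeIgniter projects), a small Python audit of a my.cnf like the one above: it checks that the `ssl-*` options are set in both sections and whether `require_secure_transport`, the MySQL 5.7.8+ server option that refuses unencrypted connections, is on. The sample file and the function names are constructed for illustration.

```python
import configparser

# Constructed sample: the my.cnf from the comment above, plus an include
# directive and a valueless option, both of which are legal in my.cnf.
SAMPLE_MY_CNF = """\
!includedir /etc/mysql/conf.d/
[mysqld]
skip-name-resolve
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/server-cert.pem
ssl-key=/etc/mysql/certs/server-key.pem

[client]
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/client-cert.pem
ssl-key=/etc/mysql/certs/client-key.pem
"""

def load_my_cnf(text):
    """Parse my.cnf text into {section: {option: value}}."""
    # configparser cannot read !include / !includedir lines, so drop them.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                   strict=False, delimiters=("=",))
    cp.read_string(body)
    # MySQL treats '-' and '_' in option names as the same character.
    return {s: {k.replace("_", "-"): v for k, v in cp.items(s)} for s in cp.sections()}

def audit_tls(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = load_my_cnf(text)
    findings = []
    for section in ("mysqld", "client"):
        opts = cfg.get(section, {})
        for opt in ("ssl-ca", "ssl-cert", "ssl-key"):
            if not opts.get(opt):
                findings.append(f"[{section}] {opt} is not set")
    server = cfg.get("mysqld", {})
    # Without require_secure_transport the server offers TLS but still
    # accepts unencrypted TCP connections.
    if (server.get("require-secure-transport") or "").strip().upper() not in ("ON", "1", "TRUE"):
        findings.append("[mysqld] require_secure_transport is not ON")
    if server.get("ssl-key") and server.get("ssl-key") == cfg.get("client", {}).get("ssl-key"):
        findings.append("server and client share one private key file")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_MY_CNF):
        print(finding)
```
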