MyDAC

Secure Connections

Session security depends on several factors, including whether the connection to the host is trusted. If it is not, confidential information cannot be safely transmitted through this connection.

MyDAC supports two ways to increase connection security: SSH and SSL. Both can be implemented with SecureBridge components.

Devart SecureBridge is a non-visual component library that provides functionality for SSH tunneling and SSL connections. Using SecureBridge is the handiest and fastest way to ensure a protected connection to a MySQL server. You can read more about SecureBridge at the SecureBridge home page. Detailed step-by-step instructions on setting up SecureBridge can be found in the SecureBridge documentation.

1. SSH using SecureBridge

SecureBridge allows you to embed the functionality of an SSH client into your application. The following sequence of steps describes how to protect your connection to a MySQL server through an SSH tunnel with SecureBridge:

Now you have an encrypted connection between the MySQL server and your application.

2. SSH using OpenSSH or other third-party SSH tunnel

SSH works on the "port forwarding" principle and serves to encrypt transferred data.

The following is the step-by-step sequence of actions for the simplest case of using OpenSSH for Windows. A detailed description of each command can be found in the OpenSSH documentation.

  1. Download OpenSSH for Windows from http://www.sourceforge.net/projects/sshwindows/
  2. Install SSH server
    • Choose a machine that will be used as the SSH server. It does not have to be the same machine as the MySQL server, but the communication channel between the SSH server and the MySQL server must be protected
    • Using Windows Control Panel, create a user and set a password for that user. For example, SSHUser with password SSHPass
    • Install OpenSSH. It is enough to install only the Server components
    • Open OpenSSH/bin folder
    • Add SSHUser to the list of allowed users:
      mkpasswd -l -u SSHUser >> ..\etc\passwd
    • Use mkgroup to create a group permissions file
      mkgroup -l >> ..\etc\group
    • Start the OpenSSH service
      net start opensshd
  3. Install SSH client
    • Choose a machine that will be used as the SSH client. It does not have to be the same machine where the client application (MySQL client) is running, but the communication channel between the SSH client and the MySQL client must be protected
    • Install OpenSSH on the SSH client. You do not have to install the server components
    • Run the SSH client

      ssh.exe -L <SSH port>:<MySQL server>:<MySQL server port> <SSHUser>@<SSH server>
      <SSH port> - port number on the SSH client that will be redirected to the corresponding port of the MySQL server
      <MySQL server> - name or IP address of the machine where the MySQL server is installed
      <MySQL server port> - port number of the MySQL server. Usually 3306.
      <SSHUser> - user name created in step 2
      <SSH server> - name or IP address of the machine where the SSH server was installed in step 2

      For example,

      ssh.exe -L 3307:server:3306 SSHUser@192.168.0.116

      On the first start you will be prompted to confirm the connection to the specified SSH server. Enter "yes" to confirm.
      On each start of SSH you must enter the password set in step 2

  4. Configure TMyConnection

    MyConnection1.Server := <SSH client>;
    MyConnection1.Port := <SSH port>;

    If the SSH client was installed on the same machine as the MySQL client, you can assign 'localhost' to MyConnection1.Server.

Note that in the sequence above, SSHUser authentication is performed by Windows. For stronger protection methods (key authentication, etc.), see the OpenSSH documentation.

For more detailed information on using encrypted connections, refer to the MySQL Reference Manual.
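
The procedure above requires the hop between the MySQL client and the SSH client to be protected. The check below is an added example, not part of the MyDAC documentation: it parses netstat -an output on the SSH client and reports whether the forwarded port from step 3 listens on loopback only or is reachable from other hosts. It assumes English-locale Windows netstat output; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Matches listening TCP sockets in Windows `netstat -an` output, e.g.
#   TCP    127.0.0.1:3307    0.0.0.0:0    LISTENING
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b", re.IGNORECASE)


def tunnel_listeners(netstat_text, port):
    """Return the local addresses on which `port` is listening."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) == port:
            # Strip IPv6 brackets and any zone id: [fe80::1%12] -> fe80::1
            found.append(m.group(1).strip("[]").split("%")[0])
    return found


def audit_tunnel(netstat_text, port):
    """Classify the forwarded port as 'missing', 'loopback-only' or 'exposed'.

    Also returns the non-loopback addresses that make the port reachable
    from other machines (empty unless the verdict is 'exposed').
    """
    addrs = tunnel_listeners(netstat_text, port)
    if not addrs:
        return "missing", []
    exposed = [a for a in addrs if not ipaddress.ip_address(a).is_loopback]
    return ("exposed" if exposed else "loopback-only"), exposed


# Constructed sample output (not captured from a real host).
SAMPLE_OK = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3307         0.0.0.0:0              LISTENING
  TCP    [::1]:3307             [::]:0                 LISTENING
"""
SAMPLE_EXPOSED = """\
  TCP    0.0.0.0:3307           0.0.0.0:0              LISTENING
  TCP    192.168.0.20:49712     192.168.0.116:22       ESTABLISHED
"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("exposed", SAMPLE_EXPOSED)):
        print(name, audit_tunnel(text, 3307))
```

An 'exposed' verdict means the traffic between the MySQL client and the forwarded port crosses the network unencrypted unless that channel is protected by other means.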

3. SSL using SecureBridge

SecureBridge also allows you to embed the functionality of an SSL client into your application. The following sequence of steps describes how to protect your connection to a MySQL server with SSL using SecureBridge:

4. SSL

SSL is based on asymmetric encryption and digital signature algorithms. Consult the MySQL Reference Manual for information on how to enable SSL support for the MySQL server and generate certificates.

Note that SSL is preferable to SSH for MySQL connections because it requires fewer settings and offers higher performance.
