Session security depends on several factors, including whether the connection to the host is a trusted connection. If it is not, confidential information can not be transmitted through this connection.
MyDAC supports two different ways to increase connection security. They are SSH and SSL. Both SSH and SSL can be implemented with SecureBridge components.
Devart SecureBridge is a non visual component library that provides functionality for SSH tunneling and SSL connections. Usage of SecureBridge is the handiest and fastest way to ensure protected connection to MySQL server. You can read more about SecureBridge at the SecureBridge home page. The detailed step-by-step instructions on setting up SecureBridge you will find in the SecureBridge documentation.
SecureBridge allows you to embed functionality of an SSH client into your application. The following sequence of steps describes how to protect your connection to MySQL server through an SSH tunnel with SecureBridge:
Now you have an encrypted connection between MySQL server and your application.
SSH works by "Port forwarding" principle and serves to encrypt transferred data.
The following is the step-by-step sequence of actions for the easiest case of using OpenSSH for Windows. The detailed description of each command you can see in the documentation for OpenSSH.
ssh.exe -L <SSH port>:<MySQL server>:<MySQL server port> <SSHUser>@<SSH server>
<SSH port> - port number of SSH client that will be redirected to the corresponding port of MySQL server
<MySQL server> - name or IP address of the machine where MySQL server is installed
<MySQL server port> - number of MySQL server port. As usual, 3306.
<SSHUser> - user name created in p. 2
<SSH server> - name or IP address of the machine where SSH server is installed in p. 2
ssh.exe -L 3307:server:3306 SSHUser@192.168.0.116
At the first start you will be suggested to confirm a connection with the specified SSH server. Enter "yes" for confirmation.
On each start of SSH you must enter a password set in p. 2
MyConnection1.Server := <SSH client>;
MyConnection1.Port := <SSH port>;
If SSH client was installed at the same machine as MySQL client, you can assign 'localhost' to MyConnection1.Server.
Pay attention that in the specified sequence above check of SSHUser authentication is performed by Windows. About the methods of higher protection (key authentication etc) see documentation for OpenSSH.
To get more detailed information on using encrypted connections refer to MySQL Reference Manual.
SecureBridge also allows you to embed functionality of an SSL client into your application. The following sequence of steps describes how to protect your connection to MySQL server with SSL using SecureBridge:
Note that usage of SSL is more preferable for MySQL connections than SSH because of less required settings and higher performance.