Security Basics mailing list archives

RE: Secure Database Communication


From: "Schott, Erik J Mr ANOSC/FCBS" <erik.schott-FCBS () NETCOM ARMY MIL>
Date: Thu, 10 Feb 2005 13:16:30 -0700

You could also try stunnel.  We use that to communicate from the MySQL
client on our Snort sensors to the remote MySQL server.

-----Original Message-----
From: Casey Mees [mailto:casey.mees () gmail com]
Sent: Thursday, February 10, 2005 11:20 AM
To: security basics list
Subject: Secure Database Communication


I am looking into creating an encrypted / secure method of communicating
with a remote database server. I have looked into a few methods, but I
am having trouble sorting my way through them. Perhaps the list can give
advice on the methods I have considered thus far.

SSH Port forwarding doesn't seem reasonable with my little experience
using it. I would like the connection to be persistent and not require
establishing the connection for each session of communication with the
DB server.

Establish a VPN. I have a Cisco PIX at each location with VPN support so
I could establish a VPN between the two Cisco PIXes. From the reading I
have done regarding VPNs this seems to be overkill considering I only
need to secure communication on the DB port. VPNs seem to be able to
accomplish this, but do a lot more that I don't foresee needing.

Use SSL on the database server and write the client to use SSL. The DB
server I am using is MySQL and I am under the impression that SSL
support in MySQL is still pretty young. This is certainly a possibility
but I was hoping there would be another solution.

Thanks in advance for any replies,
Casey
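
A sketch of the stunnel setup suggested in the reply, added here as an example and not taken from either poster's configuration: a long-running stunnel on each side, so the MySQL client keeps using an ordinary TCP connection while only the DB port is wrapped in TLS. The hostname, ports and file paths are assumptions, and the `verifyChain`/`checkHost` option names assume stunnel 5.x.

```ini
; --- Constructed example: /etc/stunnel/mysql-client.conf on the sensor/client host ---
; Hostname, ports and file paths are assumptions, not values from the thread.
[mysql-client]
client = yes
; Local MySQL clients connect here in plaintext, loopback only
accept = 127.0.0.1:3306
; stunnel wraps the traffic in TLS and forwards it to the remote stunnel
connect = db.example.internal:3307
; Validate the server certificate against our own CA and check its name;
; without this the tunnel encrypts but does not authenticate the peer
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = db.example.internal
; Client certificate so the server can restrict who may use the tunnel
cert = /etc/stunnel/sensor.pem
key = /etc/stunnel/sensor.key

; --- Constructed example: /etc/stunnel/mysql-server.conf on the database host ---
[mysql-server]
; TLS listener exposed to the network (server mode is the default)
accept = 0.0.0.0:3307
; Decrypted traffic goes to mysqld on loopback; mysqld itself should be
; bound to 127.0.0.1 so port 3306 is not reachable in cleartext
connect = 127.0.0.1:3306
cert = /etc/stunnel/db.pem
key = /etc/stunnel/db.key
; Require a client certificate issued by the same CA
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
```

Point the MySQL client at `127.0.0.1` rather than `localhost`, because `localhost` makes the client use the local Unix socket instead of the TCP port stunnel is listening on.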

