A question about MySQLdb and SSH
Martin von Loewis
loewis at informatik.hu-berlin.de
Thu Jun 7 07:41:12 EDT 2001
Calishar <calisha@*SPAMFREE*.calishar.com> writes:
> I know that it is possible to use SSH to setup an ODBC connection to
> the remote server. What I am wondering is if there is anything similar
> using the MySQLdb library. Ideally it would not require setting up a
> seperate SSH application (the application is for an end-user).
The most recent MySQL versions offer support for OpenSSL. To use that,
both client and server library need to be compiled with SSL support.
MySQL will then attempt to switch to an SSL connection if both ends
support it. By default, the identity of the server is trusted, and no
client authentification is used. That means the connection is
encrypted, but susceptible to a man-in-the-middle attack (ie. somebody
could claim to be your MySQL server, and thus sneak the
connection).
For most purposes, this should be secure enough. MySQL 3.23.38 also
offers a mysql_ssl_set call to set key, certificate, and certificate
authority. MySQLdb does not support this API, but MySQL also offers to
set the keys through a configuration file (on the client). However, it
seems that the keys are not used, atleast not in MySQL 3.23.38.
Hope this helps,
Martin
More information about the Python-list
mailing list