MySQL connection

Currently, the client connecting to MySQL is outlined as below:

client machine ------------> front-end server  ------------------------------------------------------------------------------> mysql server  
                            (ssh)                                        ssh -fNg -L 3306:localhost:3306 admin@mysqlserver


I have checked the MySQL server, there is no encryption setup in mysql (command "show status like 'Ssl_cipher' " show blank entry). However, can I say the connection between front-end and mysql is still safe as the connection has been encrypted by ssh even though mysql server hasn't been configured with encryption.

Any comment ?

Thanks
AXISHKAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Julian HansenCommented:
One is for protecting the data as moves over the network - the other is for protecting the data once it is in the database.
0
AXISHKAuthor Commented:
Sorry, I can't get your message. Do you mean there is unsecure path in my current setup ?

Tks
0
Julian HansenCommented:
SSL - encrypts data sent from the browser to the database (via the http server) in other words the data that is transmitted over the network. If you are using SSL then your data is encrypted between browser and server and the probability of it being hacked (from the network connection) is extremely small.

MySQL encryption is of the data in the actual database - should someone hack your server and steal your database files they would not be able to access the data.

Two different scenarios. In the context of what you are asking I am assuming you are asking if your data is secure between browser and database? If so then SSL is what you are looking for.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

AXISHKAuthor Commented:
I need to ensure front-end connect to MySQL is encrypted (not the client browser)..

Currently, can I say all the data transfer between front-end and MySQL are encrypted ?

Tks
0
hieloCommented:
>> ssh -fNg -L 3306:localhost:3306 admin@mysqlserver
The  setup you are describing is an ssh tunnel.
https://mediatemple.net/community/products/dv/204403884/tunnel-local-mysql-server-through-ssh

>>Currently, can I say all the data transfer between front-end and MySQL are encrypted ?
Yes (as long as the ssh tunnel remains opened while running/executing sql commands of course). See the section titled "About SSH tunnels" at:
https://support.cloud.engineyard.com/hc/en-us/articles/205408088-Access-Your-Database-Remotely-Through-an-SSH-Tunnel
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AXISHKAuthor Commented:
thx
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
MySQL Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.