[REQ] MySQL over SSL #27
Comments
Author:abhibeck...@gmail.com Date:2008-05-28 23:20:01 I'm not sure how much work SSL is, and I want to get a public release out as soon as possible. I'm going to leave this ticket open with no deadline, I'll make sure we do this shortly after the first public release. |
Author:espe...@gmail.com Date:2008-12-21 17:06:47 I have really no clue, but will it not work just to open a quiet ssh tunnel: ssh -q -L:3307:localhost:3306 remotehost http://macapper.com/2007/05/22/advanced-os-x-secure-tunneling-via-ssh/ |
Author:morgan.c...@gmail.com Date:2009-01-12 09:25:20 I have an alias that looks like this: |
Author:rizw...@gmail.com Date:2009-01-12 11:43:09 I do that too for now, but we've got a MySQL server that can only be accessed via SSL |
Author:avenja...@gmail.com Date:2009-05-14 07:24:33 Work on SSH Tunnels has begun. We have basic tunnels working, but code is still being finalised |
Author:rowanb@gmail.com Date:2009-05-14 07:35:03 SSH tunnels are being covered by Issue #114 ; SSL support is slightly different, and is still on the cards as part of I'll leave myself tagged as the owner though. |
Author:rowanb@gmail.com Date:2009-05-28 03:20:44 SSH tunnels are now functional as of r790. I'm going to defer SSL connections until we have the new connection |
Author:mar...@gmail.com Date:2009-12-05 17:55:49 Would still be helpful to add the MySQL-over-SSL option as some servers (due to |
Author:arocki...@gmail.com Date:2010-07-19 09:23:39 Amazon RDS servers don't support SSH tunneling AFAIK, so this would be great. |
Author:rowanb@gmail.com Date:2010-09-13 15:33:42 SSL support has been added in r2636, with options to specify key file, certificate file, and the CA cert. I don't actually have any access to servers with SSL enabled, so I've only tested this in servers set up for the purposes of testing; I'd appreciate feedback on whether it works in real-world situations :) As always, nightlies are available from http://nightly.sequelpro.com/ , but we don't recommend their use with production data, just in case… I'll mark this as "Implemented" for the time being, but as always we will continue to monitor responses. |
Author:adam...@yipit.com Date:2011-06-20 13:36:19 I've tried this with a remote Amazon RDS instance and it works well. Get the CA cert here: http://docs.amazonwebservices.com/AmazonRDS/latest/UserGuide/index.html?Concepts.DBInstance.html#Concepts.DBEngine.MySQL51.SSLSupport Then attach it to the "CA Cert" field in the Sequel Pro connection dialog - ignoring the Key File and Certificate fields. |
Author:goo...@windware.com Date:2011-06-25 03:44:06 I've looked in the recent nightly build and it seems to have the option to connect via SSL for standard and socket methods but not for SSH. I have a MySQL server that only permits connection from a specific machine (for the sake of security) which I can SSH into, so it would be very useful to have an option for using SSL for the SSH tunneling method too, but can this be applied too? |
Is this resolved? The website still links to this issue stating that:
Any recommendations? |
@kpcyrd the website is wrong. SP does support SSL.
I recommend using SSH tunnels if you can. If you can't, then I recommend testing to make sure you actually are connected with SSL using Also be aware that there are many ways to compromise SSL (see https://en.wikipedia.org/wiki/Transport_Layer_Security#Attacks_against_TLS.2FSSL). I'm not sure how many of these apply to mysql, but some probably do. |
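One way to run the check recommended in the comment above, added here as an example (not code from this thread or from Sequel Pro): the function reads the session's Ssl_cipher and Ssl_version status rows as printed by the mysql command-line client and flags a plaintext or pre-TLS 1.2 session. The function name, the TLS 1.2 floor and the sample rows are assumptions made for the example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of Sequel Pro).
# Classifies a MySQL session from its Ssl_* status rows.
#
# Input on stdin: tab-separated rows, as printed by
#   mysql -N -B -e "SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher','Ssl_version')"
# The same query can be run in any client's query window and read by eye:
# an empty Ssl_cipher value means the session is NOT encrypted.
#
# Prints one verdict line and returns:
#   0  encrypted with TLS 1.2 or newer
#   1  plaintext session (Ssl_cipher empty or missing)
#   2  encrypted, but with a protocol older than TLS 1.2 (assumed policy floor)
check_tls_status() {
    awk -F '\t' '
        $1 == "Ssl_cipher"  { cipher = $2 }
        $1 == "Ssl_version" { version = $2 }
        END {
            if (cipher == "") { print "PLAINTEXT"; exit 1 }
            if (version != "TLSv1.2" && version != "TLSv1.3") {
                print "WEAK " version " " cipher
                exit 2
            }
            print "OK " version " " cipher
        }'
}

# Constructed sample rows (not captured from a real server).
sample_plain() { printf 'Ssl_cipher\t\nSsl_version\t\n'; }
sample_tls12() { printf 'Ssl_cipher\tECDHE-RSA-AES128-GCM-SHA256\nSsl_version\tTLSv1.2\n'; }
sample_tls10() { printf 'Ssl_cipher\tAES256-SHA\nSsl_version\tTLSv1\n'; }

# Run each sample; "|| true" keeps the script going past the failing verdicts.
sample_plain | check_tls_status || true
sample_tls12 | check_tls_status || true
sample_tls10 | check_tls_status || true
```

Against a live server, pipe the mysql command shown in the comment into check_tls_status and treat any non-zero return as a failed connection check.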
@abhibeckert thanks for the quick reply.
Thanks. Most of these are cross protocol attacks that might become exploitable for database drivers in applications that are exposed to attackers, but aren't that relevant for sequelpro. The server is mostly straightforward to secure, I'm more concerned about insecure usage of the client. There's no (secure) way for a server to ensure a client is actually connecting over a secure channel. Some documentation on how to set up secure connections, configure authentication of the server and possibly very good UI in what is secure and what isn't inside sequelpro would help security a lot. :) |
As I said, I recommend using SSH to log in. Then there's really nothing to document, sequel pro/ssh/mysql in their out-of-the-box configuration are all very secure (as long as your mac keychain password is strong and SSH is using a strong password or a public/private keypair) |
We used to do that, but with the increasing trend towards containerization and databases as a service, the TLS use case became more and more relevant. :) |
@abhibeckert See #2499 - we are now enforcing TLS/SSL when the option is checked. |
Five years later, I see the website is still redirecting people to this issue for SSL support. What's the deal? We are using Teleport to proxy IAM auth to a database. After using the
Which works fine for command line
What is the equivalent in Sequel Pro? (I don't use Sequel Pro myself, but I'm getting support requests. Mysql Workbench is working.) There is no remote host available for "ssh log in [to]". |
Issue imported from Google Code: https://code.google.com/p/sequel-pro/issues/detail?id=27
Reporter:rizw...@gmail.com Date:2008-05-26 21:11:50 Status:Implemented Closed:2010-09-01
I know it's probably not a top priority, but for our workflow, being able
to support MySQL over SSL makes this app a must-use for us. To my knowledge,
it shouldn't be too hard, as it's just a command line switch with a path to
the file for the mysql client, but I'm not sure how it works using the
MySQL library in OSX.