Using SSL to create secure connection between a servlet (using JDBC) and MySQL - MySQL

  1. #1

    Using SSL to create secure connection between a servlet (using JDBC) and MySQL

    This is a test which will be used to develop a web application, living in
    Tomcat or Sun's application server (assuming the latter is available on
    Linux). I am doing the initial testing on Windows because I haven't set up
    my Linux box yet.

    I have read the docs regarding using SSL with MySQL 5.0.16, and there is a
    little detail wanting. In the section dealing with setting up the
    certificates, can I use certificates I'd normally create using the keytool
    that comes with J2SDK? If so, am I safe to assume I'd create and use them
    in much the same way I'd use them in a client/server app I'd normally
    develop in Java?

    What I am aiming for is this: I want to have an application server running,
    serving up my apps, and have my MySQL database responding ONLY to my own app
    server apps, and that using http over SSL. I'll have to set this up twice,
    though: once on Windows XP during initial proof of concept testing and later
    on Suse Linux (initially on a single machine and later using server
    clusters, once I figure out how to do that for both the app server and the
    MySQL database).

    Any idea on how I can set up mutual authentication between my app server
    apps and MySQL? I should be able to significantly improve the security of
    my app and database by forcing both the server and the client app to
    authenticate themselves to each other, and refuse all other connection
    attempts, right? And of course, SSL is needed to ensure both the integrity
    and confidentiality of the data exchanged between my apps and my DB.

    I'll appreciate any help offered. This is a self instruction exercise, with
    what I intend to be a short learning curve, regardless of how steep the
    resulting curve may be. I find myself frustrated by insufficient detail and
    examples in the documentation I have found so far.

    Thanks,

    Ted

    --
    R.E. (Ted) Byers, Ph.D., Ed.D.
    R & D Decision Support Solutions
    http://www.randddecisionsupportsolutions.com/
    Healthy Living Through Informed Decision Making


    Ted Byers Guest

  2. #2

    Re: Using SSL to create secure connection between a servlet (using JDBC) and MySQL

    >This is a test which will be used to develop a web application, living in
    >Tomcat or Sun's application server (assuming the latter is available on
    >Linux). I am doing the initial testing on Windows because I haven't set up
    >my Linux box yet.
    >I have read the docs regarding using SSL with MySQL 5.0.16, and there is a
    >little detail wanting. In the section dealing with setting up the
    >certificates, can I use certificates I'd normally create using the keytool
    >that comes with J2SDK?

    If these are created by the keytool using OpenSSL, chances are the
    certs are compatible.

    >If so, am I safe to assume I'd create and use them
    >in much the same way I'd use them in a client/server app I'd normally
    >develop in Java?
    >What I am aiming for is this: I want to have an application server running,
    >serving up my apps, and have my MySQL database responding ONLY to my own app
    >server apps, and that using http over SSL. I'll have to set this up twice,
    >though: once on Windows XP during initial proof of concept testing and later
    >on Suse Linux (initially on a single machine and later using server
    >clusters, once I figure out how to do that for both the app server and the
    >MySQL database).
    >Any idea on how I can set up mutual authentication between my app server
    >apps and MySQL? I should be able to significantly improve the security of
    >my app and database by forcing both the server and the client app to
    >authenticate themselves to each other, and refuse all other connection
    >attempts, right? And of course, SSL is needed to ensure both the integrity
    >and confidentiality of the data exchanged between my apps and my DB.

    On the MySQL side: the grant command is your friend here. You
    probably need at least 2 accounts set up: an administrative account,
    probably accessible only from localhost on the MySQL server and
    with a strong password, and the web access account, which is (a)
    restricted to access from ONE IP address or very small netblock
    only, and (b) is required to use SSL. You might want two web access
    accounts: one for your test machine and one for the production
    machine. Stage the tests a little: first, can you establish
    a connection AT ALL? Next, can you do it with SSL? Then,
    can you restrict it to accept only your cert?

    On the application side: I don't know. But I suggest you break the
    task into two by using the mysql command-line client from the
    web server box, if that's possible. You need to do several things:
    (a) confirm that you can establish an SSL connection.
    (b) confirm that your cert works.
    (c) confirm that the wrong cert doesn't work.
    (d) confirm that you CANNOT establish a non-SSL connection.

    A firewall on or in front of the MySQL server to prevent access to
    port 3306 from anything but the web server (or localhost) wouldn't
    hurt, either.

    Gordon L. Burditt
    Gordon Burditt Guest
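
The staged account setup described in the reply above could look like the following on the MySQL side. This is an added example, not part of either post: the account names, the database `appdb`, the 192.0.2.x addresses, the passwords and the certificate DNs are assumed placeholders, and the syntax is the MySQL 5.0 `GRANT` form.

```sql
-- Added example; all names, addresses, passwords and DNs are constructed placeholders.
-- Syntax is the MySQL 5.0 GRANT form (IDENTIFIED BY / REQUIRE inside GRANT).

-- Administrative account: reachable only from the database host itself.
GRANT ALL PRIVILEGES ON *.* TO 'dbadmin'@'localhost'
    IDENTIFIED BY 'CHANGE-ME-admin' WITH GRANT OPTION;

-- Stage 1: web account limited to one client address, no SSL requirement yet.
-- Use this only to prove that a connection can be made at all.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'192.0.2.10'
    IDENTIFIED BY 'CHANGE-ME-web';

-- Stage 2: same account, but unencrypted logins are now refused.
-- GRANT USAGE changes the REQUIRE clause without touching privileges or password.
GRANT USAGE ON *.* TO 'webapp'@'192.0.2.10' REQUIRE SSL;

-- Stage 3: the client must also present a certificate issued by your CA
-- with exactly this subject; any other certificate is rejected.
GRANT USAGE ON *.* TO 'webapp'@'192.0.2.10'
    REQUIRE SUBJECT '/C=CA/O=Example Org/CN=webapp-client'
        AND ISSUER  '/C=CA/O=Example Org/CN=Example Internal CA';

-- Separate account for the test machine so production rules stay untouched.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp_test'@'192.0.2.20'
    IDENTIFIED BY 'CHANGE-ME-test' REQUIRE SSL;

-- Checks to run as dbadmin after each stage:
SHOW VARIABLES LIKE 'have_openssl';          -- must be YES for SSL to work
SELECT user, host, ssl_type, x509_subject, x509_issuer
  FROM mysql.user WHERE user LIKE 'webapp%'; -- ssl_type: '', ANY, SPECIFIED

-- Check to run from the web account's own session:
SHOW STATUS LIKE 'Ssl_cipher';               -- empty value = not encrypted
```

After stage 3, a login from 192.0.2.10 without a certificate, or with a certificate whose subject or issuer differs, should be refused, which covers checks (c) and (d) in the reply.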
