View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
1467 | RackTables | default | public | 2015-05-07 20:32 | 2015-06-30 15:51 |
Reporter | pRZelAHkmB78 | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | always |
Status | closed | Resolution | fixed | ||
OS | CentOS | OS Version | 6.6 | ||
Product Version | 0.20.10 | ||||
Target Version | 0.20.11 | Fixed in Version | 0.20.11 | ||
Summary | 1467: RackTables should support TLS-encrypted connections to MySQL | ||||
Description | RackTables should support TLS-encrypted connections to MySQL. This feature is not mentioned in the installer, or in the secret.php comments, and I cannot find mention of it online. I conclude that it is not currently supported. | ||||
Tags | No tags attached. | ||||
RackTables uses the PDO interface to access MySQL. Briefly looking through the documentation I couldn't see how to make PDO use TLS. If you could explain how, it would help (even better post a patch if possible). | |
infrastation, I am not a developer, so my ability to help with the details is very limited. I did find: http://php.net/manual/en/ref.pdo-mysql.php There are several defined constants like PDO::MYSQL_ATTR_SSL_* . In particular, I think PDO::MYSQL_ATTR_SSL_CAPATH would be useful, since the intention is to authenticate the server, not necessarily the client. Possibly useful examples: http://stackoverflow.com/questions/23386211/ssl-encrypted-zf2-pdo-connection-to-mysql http://laravelsnippets.com/snippets/add-pdo-ssl-options-to-database-connection-config Thanks. |
|
I modified the $drvoptions in pre-init.php and was able to get a TLS-enabled connection. I think the real question is how to you set these options. Probably config file only options (not settable by web interface). I'm assuming that the $dbxlink global is the database connection used throughout the program. |
|
You are right. I could not find it because I was looking for TLS. If you are happy with SSL I can add a way to specify additional PDO options in secret.php. | |
infrastation, Yes, TLS is the successor to SSL, but the original name is still used very often, creating some ambiguity. Of all of them, only TLS 1.2 is considered safe anymore. Regardless, I'm sure that that's all handled by PDO. In whatever way you can take PDO's SSL/TLS options and surface them in secret.php, that would be great. Thanks! |
|
Added a pull request to github. Maybe move to github issues? :) |
|
Implemented by Stephen and will be available in the next stable release. | |
Date Modified | Username | Field | Change |
---|---|---|---|
2015-05-07 20:32 | pRZelAHkmB78 | New Issue | |
2015-05-14 00:50 | infrastation | Note Added: 0002821 | |
2015-05-18 19:45 | pRZelAHkmB78 | Note Added: 0002825 | |
2015-05-18 19:57 | sgroat | Note Added: 0002827 | |
2015-05-23 08:37 | infrastation | Note Added: 0002833 | |
2015-05-23 22:20 | pRZelAHkmB78 | Note Added: 0002835 | |
2015-05-28 00:06 | sgroat | Note Added: 0002839 | |
2015-06-30 15:51 | infrastation | Note Added: 0002891 | |
2015-06-30 15:51 | infrastation | Status | new => closed |
2015-06-30 15:51 | infrastation | Resolution | open => fixed |
2015-06-30 15:51 | infrastation | Fixed in Version | => 0.20.11 |
2015-06-30 15:51 | infrastation | Target Version | => 0.20.11 |