Question

I have a form that users can fill out, and the data will be stored into a MySQL database using PHP. The connection to the Apache server is encrypted through HTTPS, and I would like to encrypt the connection to the MySQL database. Both Apache and MySQL are on the same server machine.

I dug around the Interweb and Stunnel seems to be what I need. OpenSSL and SSL are supported and activated on the server, since we are given the option of using the standard port and a stunnel port to connect to the MySQL server. However, all the articles I found online deal with using Stunnel to connect a MySQL client to an external MySQL Server, but not how to use PHP to connect to a local MySQL server. Am I right to assume that just because the form is transmitted through https, it doesn't mean that the connection to the database is also encrypted?

The PHP code I use to connect to MySQL is like this:

$mysqli = new mysqli("ip","user", "password", "database", "standardport");

This works fine using the standardport. However, if I change it to a Stunnel Port, I get a connection time-out error. Clearly I'm missing something; any help and advice is appreciated! Thanks!


Solution

You've already stated that you use an HTTPS connection to encrypt traffic between the client's browser and your webserver, and that the webserver and MySQL instance are on the same machine.

Assuming the HTTPS connection is secure, this should be all you need to protect your data over public networks, and using a secure tunnel for a connection that is only present on the local machine simply adds an unnecessary layer of complexity.

Consider the following examples.


The first is how the connection looks without a secure tunnel.

browser <--HTTPS--> [ webserver <--> mysql ]

So in this scenario, the connection between the webserver and mysql is unencrypted. Someone who has access to the machine (depending on permissions) will be able to observe all traffic between the webserver and/or read the physical databases from disk themselves.


Now, with a secure tunnel

[ webserver <--> stunnel <--ENCRYPTED--> stunnel <--> mysql ]

I hope you can see that the connections between the webserver and one secure tunnel endpoint, and the connection between mysql and the other endpoint are both unencrypted. In this scenario, exactly the same as before, someone with access to the machine could potentially see all traffic and read the databases from disk.

No additional security has been achieved.


Lastly

[ webserver <--> stunnel ] <--ENCRYPTED--> [ stunnel <--> mysql ]

When you are using two separate servers, then the local traffic is still unencrypted, however stunnel secures the stream between the two machines. Someone with local access to the machines may still be able to observe traffic and read data, however someone observing network traffic between servers will not.


A solution?

All that said, if you really want to encrypt the traffic between PHP and MySQL, even on the same machine, a slightly better solution exists than using stunnel.

MySQL supports SSL natively, as does PHP when both are compiled with SSL support. (Your installations may already be configured this way, it's up to you to check them)

The MySQL manual details how to configure your MySQL server with SSL support, and PHP provides the function mysqli_ssl_set.

Using this combination, you can natively encrypt the connection between PHP and the mysql server.

[ webserver <--ENCRYPTED--> mysql ]

However someone with access to the machine may still be able to read the unencrypted database from disk, and may be able to observe the memory of running processes.

You are quite right, the internet is a dangerous place, and proper security is essential. If your server itself and the data it contains are not secure, all is lost, no matter what precautions you take securing how the data enters and leaves it.
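
The native SSL connection the answer describes, as an added example that is not part of the original answer: it uses mysqli's ssl_set and real_connect, then checks the session's Ssl_cipher status so the script fails closed if the link came up unencrypted. The host, credentials, port and CA path are placeholders, and connect_tls is a hypothetical helper name.

```php
<?php
// Added example; connect_tls() and all connection values are placeholders.
// Make mysqli throw exceptions instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function connect_tls(
    string $host, string $user, string $pass,
    string $db, int $port, string $caFile
): mysqli {
    $mysqli = mysqli_init();

    // Arguments: client key, client cert, CA file, CA directory, cipher list.
    // Only the CA file is set here; it is used to validate the server cert.
    $mysqli->ssl_set(null, null, $caFile, null, null);

    // MYSQLI_CLIENT_SSL asks for an encrypted session during the handshake.
    $mysqli->real_connect($host, $user, $pass, $db, $port, null, MYSQLI_CLIENT_SSL);

    // Fail closed: Ssl_cipher is empty when the session is not encrypted.
    $row = $mysqli->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if (empty($row['Value'])) {
        $mysqli->close();
        throw new RuntimeException('MySQL session is not encrypted');
    }
    return $mysqli;
}

// Use 127.0.0.1 rather than "localhost": on Unix, "localhost" selects the
// local socket file instead of TCP, and TLS is negotiated only over TCP.
try {
    $db = connect_tls('127.0.0.1', 'user', 'password', 'database',
                      3306, '/path/to/ca.pem');
    $row = $db->query("SHOW SESSION STATUS LIKE 'Ssl_version'")->fetch_assoc();
    echo 'Encrypted session, protocol: ', $row['Value'], PHP_EOL;
} catch (Throwable $e) {
    // Log the failure server-side; do not echo connection details to users.
    error_log('Database TLS connection failed: ' . $e->getMessage());
    http_response_code(500);
}
```

The server side must already have its certificate and key configured as described in the MySQL manual; otherwise the connection attempt raises an exception and the catch branch runs.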

Licensed under: CC-BY-SA with attribution