Page MenuHomePhabricator
Create Task
Maniphest T6931

Support SSL connections to MySQL
Closed, WontfixPublic
Actions

Description

It does not look like Phabricator supports SSL connections to MySQL (or at least I was not able to find it in docs).

There are two parts of this feature request:

  1. Add config option to support/require connection to MySQL to be wrapped in ssl (i.e. just specify ca in options, make sure SHOW STATUS LIKE 'Ssl_cipher'; is not empty)
  2. Add support for specifying X509 key & cert for connection

(1) is rather important for shared environments (e.g. cloud with hosted MySQL like Google Cloud SQL or Amazon RDS) where there is no or minimal control over the link between app & db server.
(2) is lower priority as in most of the cases it's practically used as longer password.

For more details, see:

Event Timeline

vrusinov created this task.Jan 11 2015, 10:46 PM
vrusinov raised the priority of this task from to Needs Triage.
vrusinov updated the task description. (Show Details)
vrusinov added a project: Database.
vrusinov added a subscriber: vrusinov.
skibbipl added a subscriber: skibbipl.Jan 11 2015, 11:19 PM
epriestley added a subscriber: epriestley.Jan 12 2015, 3:42 PM

I don't think I really understand the threat model for (1) here.

In particular, it looks like RDS can be deployed on VPC. It seems like any attacker who could examine that traffic could also examine the contents of VMs? What kind of attacker can retrieve information from an unsecured EC2 <-> RDS link in a VPC, but not just read the credentials from the client machines?

At least initially, it seems like this is only useful if:

  • Amazon routes traffic in a catastrophically inefficient and insecure way, sending it from the datacenter, over the public internet, and back to the datacenter; or
  • your business faces regulatory/compliance issues which are satisfied by encrypting the connection, even if it provides no direct security benefit.

Are you concerned about one of these cases?

(The (2) use case where this is just a stronger password is reasonable, but the benefit seems small.)

vrusinov added a comment.Jan 12 2015, 9:16 PM

Well, in case of Amazon/other cloud I simply don't know or have any control over traffic between my virtual machine and RDS.
In post-Snowden world there are many other good reasons to try to wrap as much stuff as possible in ssl.

Sure, this is rather unlikely scenario but cost of adding & supporting ssl connections also small. I have not written any PHP in a long time but I can give it a shot myself.

I'm not quite sure about where to store ca - it is basically long-ish string and I think it should just fit in settings json.

epriestley closed this task as Wontfix.Jan 12 2015, 9:28 PM
epriestley claimed this task.

We aren't interested in supporting this in the upstream, since it seems like a lot of complexity and a negligible amount of value.

jasonyoung added a subscriber: jasonyoung.Aug 22 2018, 3:19 PM
  • your business faces regulatory/compliance issues which are satisfied by encrypting the connection, even if it provides no direct security benefit.

Compliance is the primary reason we need SSL support for our database connections (all data in transit must be encrypted). I imagine we're far from the only ones out there who have this requirement. Besides, enforcing SSL throughout an environment is increasingly common these days, and having to make exceptions for the few remaining applications that lack support is increasingly burdensome. Would love to see SSL support in Phabricator so we don't have to complicate our setup by proxying or tunneling.

Phabricator · Built by Phacility