EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Mysql local port forwarding

#2742
Posted: 04/16/2007 15:00:47
by steve orford (Standard support level)
Joined: 03/07/2007
Posts: 22

I've been testing local port forwarding with a MySQL connection. My requirement is that I secure all traffic travelling to and from the client and server. I thought this would be a good approach. I used the localportforwarding demo to make the connection, but noticed that if I use Ethereal I can still read the data stream.

Thinking it must be the way I have implemented it, I loaded the local port forwarding demo, entered my connect parameters, then loaded up a copy of Toad and made a connection to localhost on 3306. Connected fine, checked Ethereal. I can still read the data stream, both in terms of the statements being sent and the data received... surely this isn't secure tunnelling? Where am I going wrong?
#2743
Posted: 04/17/2007 00:56:19
by Eugene Mayevski (EldoS Corp.)

I think you are capturing the data at the wrong point somehow.
To ensure that the data is encrypted you need to check the read-only properties of the SSH components (such as EncryptionAlgorithmClientToServer and similar ones) to ensure that they are not "NULL", i.e. that encryption is applied.


Sincerely yours
Eugene Mayevski
#2745
Posted: 04/17/2007 08:30:52
by steve orford (Standard support level)
Joined: 03/07/2007
Posts: 22

I've checked the demo again using a fresh copy of the code from a newly downloaded trial. If I run the demo and set it to connect to my server on port 22, forward port 3306 to 127.0.0.1 port 3306, and then run a MySQL client, I can definitely see the select statements and data, apparently still running on 3306. Toad's connection is to localhost on 3306.

#2746
Posted: 04/17/2007 08:44:26
by steve orford (Standard support level)
Joined: 03/07/2007
Posts: 22

Checked; the EncryptionAlgorithmClientToServer is a 0 in the demo.

#2747
Posted: 04/17/2007 10:33:45
by Eugene Mayevski (EldoS Corp.)

Well, if it's 0, then there's no encryption. You need to check what algorithms are enabled (use the EncryptionAlgorithms property) and disable the NULL ones.


Sincerely yours
Eugene Mayevski
#2760
Posted: 04/18/2007 12:39:23
by Ken Ivanov (EldoS Corp.)

Eugene, the 0 value stands for the SSH_EA_3DES constant (3DES cipher). I.e., the forwarded data are transferred in encrypted form.

Quote
forward port 3306 to 127.0.0.1 port 3306

I suppose that this is the case. Please try to forward some other port (e.g., 3307) to 127.0.0.1:3306 and check if it solves the issue.
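
An added example, not part of the thread and not EldoS code: a small classifier that labels captured TCP flows by which leg of a local port forward they belong to, showing why a capture on loopback port 3306 is inconclusive when the listen port and the target port are both 3306. The `Forward`/`Flow` types, the labels and the sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    listen_port: int   # local port the forwarder listens on
    ssh_host: str      # SSH server address
    ssh_port: int      # SSH server port
    target_host: str   # forward destination, resolved on the SSH server
    target_port: int   # forward destination port (MySQL here)

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def _loop(addr: str) -> bool:
    return ipaddress.ip_address(addr).is_loopback

def classify(flow: Flow, fwd: Forward) -> str:
    """Say which leg of the forwarded connection a captured flow belongs to."""
    if flow.dst == fwd.ssh_host and flow.dport == fwd.ssh_port:
        return "ssh-leg"               # the only leg SSH encrypts
    if _loop(flow.src) and _loop(flow.dst):
        same = fwd.listen_port == fwd.target_port and _loop(fwd.target_host)
        if flow.dport == fwd.listen_port:
            # Client -> forwarder is always plaintext, but with identical ports
            # it cannot be told apart from loopback traffic to the database.
            return "ambiguous-loopback" if same else "client-to-forwarder"
        if flow.dport == fwd.target_port and _loop(fwd.target_host):
            return "loopback-to-target"  # sshd -> database, or a direct local client
        return "unrelated"
    if flow.dport == fwd.target_port:
        return "bypass"                # database protocol on the network, no tunnel
    return "unrelated"

# Constructed capture records (documentation addresses, not from the thread).
SAMPLE = [
    Flow("127.0.0.1", "127.0.0.1", 3306),
    Flow("127.0.0.1", "127.0.0.1", 3307),
    Flow("192.0.2.10", "198.51.100.5", 22),
    Flow("192.0.2.10", "198.51.100.5", 3306),
]

def report(fwd: Forward) -> list:
    return [classify(f, fwd) for f in SAMPLE]

if __name__ == "__main__":
    for port in (3306, 3307):
        print(port, report(Forward(port, "198.51.100.5", 22, "127.0.0.1", 3306)))
```

Only flows labelled `ssh-leg` are expected to be unreadable in a capture; readable MySQL statements on a loopback flow do not by themselves show that the tunnel is unencrypted.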
