EldoS | Feel safer!

Mysql local port forwarding

Posted: 04/16/2007 15:00:47
by steve orford (Standard support level)
Joined: 03/07/2007
Posts: 22

I've been testing local port forwarding with a MySQL connection. My requirement is that I secure all traffic travelling to and from the client and server. I thought this would be a good approach. I used the localportforwarding demo to make the connection, but noticed that if I use Ethereal I can still read the data stream.

Thinking it must be the way I have implemented it, I loaded the local port forwarding demo, entered my connect parameters, then loaded up a copy of Toad and made a connection to localhost on 3306. Connected fine, checked Ethereal. I can still read the data stream, both in terms of the statements being sent and the data received... Surely this isn't secure tunnelling? Where am I going wrong?
Posted: 04/17/2007 00:56:19
by Eugene Mayevski (Team)

I think you are capturing the data at the wrong point somehow.
To ensure that the data is encrypted you need to check the read-only properties of the SSH components (such as EncryptionAlgorithmClientToServer and similar ones) to ensure that they are not "NULL", i.e. that encryption is applied.

Sincerely yours
Eugene Mayevski
Posted: 04/17/2007 08:30:52
by steve orford (Standard support level)
Joined: 03/07/2007
Posts: 22

I've checked the demo again using a fresh copy of the code from a newly downloaded trial. If I run the demo and set it to connect to my server on port 22, forward port 3306 to port 3306, and then run a MySQL client, I can definitely see the select statements and data, apparently still running on 3306. Toad's connection is to localhost on 3306.

Posted: 04/17/2007 08:44:26
by steve orford (Standard support level)
Joined: 03/07/2007
Posts: 22

Checked: the EncryptionAlgorithmClientToServer is 0 in the demo.

Posted: 04/17/2007 10:33:45
by Eugene Mayevski (Team)

Well, if it's 0, then there's no encryption. You need to check what algorithms are enabled (use the EncryptionAlgorithms property) and disable the NULL ones.

Sincerely yours
Eugene Mayevski
Posted: 04/18/2007 12:39:23
by Ken Ivanov (Team)

Eugene, the 0 value stands for the SSH_EA_3DES constant (3DES cipher), i.e., the forwarded data are transferred in encrypted form.

"forward port 3306 to port 3306"

I suppose that this is the case. Please try to forward some other port (e.g., 3307) to and check if it solves the issue.
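
An added example, not part of the thread and not EldoS code: with SSH local port forwarding only the SSH connection is encrypted, while the hop between the client application and the local listener is cleartext by design, so a capture has to be judged per leg. The script sorts capture records by leg and reports readable payloads; the records, addresses, ports and the printable-byte heuristic are constructed assumptions, and the capture is assumed to start after SSH key exchange.

```python
import ipaddress

# Constructed records: (src_ip, src_port, dst_ip, dst_port, payload).
# Addresses, ports and payloads are invented; payloads are simplified,
# not real MySQL or SSH framing.
TUNNELLED = [
    ("127.0.0.1", 51000, "127.0.0.1", 3306, b"\x03SELECT name FROM customers"),
    ("127.0.0.1", 3306, "127.0.0.1", 51000, b"Alice Jones\x00Bob Smith"),
    ("192.0.2.10", 51001, "192.0.2.20", 22, b"SSH-2.0-client\r\n"),
    ("192.0.2.10", 51001, "192.0.2.20", 22, bytes.fromhex("9f3ac41e07b2d85566e1a0cb7d42f913")),
    ("192.0.2.20", 22, "192.0.2.10", 51001, bytes.fromhex("c8175be2903fa46d1bd07e88a3f5290c")),
]
DIRECT = [  # client bypassed the forwarder and talked to the server itself
    ("192.0.2.10", 51002, "192.0.2.20", 3306, b"\x03SELECT name FROM customers"),
]

def is_loopback(ip):
    return ipaddress.ip_address(ip).is_loopback

def printable_ratio(data):
    """Share of printable ASCII bytes; ciphertext scores low, SQL text high."""
    return sum(32 <= b < 127 for b in data) / len(data) if data else 0.0

def audit_capture(records, ssh_port=22, threshold=0.6):
    """Split readable payloads by leg: local client<->forwarder vs. the network."""
    found = {"loopback_readable": [], "wire_readable": [], "wire_ssh_opaque": 0}
    for src, sport, dst, dport, payload in records:
        readable = printable_ratio(payload) >= threshold
        if is_loopback(src) and is_loopback(dst):
            if readable:
                found["loopback_readable"].append((sport, dport))
            continue
        on_ssh = ssh_port in (sport, dport)
        if on_ssh and payload.startswith(b"SSH-"):
            continue  # the version banner is always sent in the clear
        if readable:
            found["wire_readable"].append((sport, dport))
        elif on_ssh:
            found["wire_ssh_opaque"] += 1
    return found

def tunnel_ok(records):
    """True when nothing readable left the host and opaque SSH traffic was seen."""
    found = audit_capture(records)
    return not found["wire_readable"] and found["wire_ssh_opaque"] > 0

if __name__ == "__main__":
    print(audit_capture(TUNNELLED), tunnel_ok(TUNNELLED), tunnel_ok(DIRECT))
```

Readable SQL on the loopback leg is expected in a tunnelled setup; an entry under `wire_readable` means the client reached the database without going through the forwarder.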

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.