Home » Communications

Secure Database Connections In Drupal

Posted 24 Sep 2009 | Comments Off on Secure Database Connections In Drupal | 3,812 views

If you are setting up a Drupal site with an SSL certificate in a shared environment such as an ISP or hosting center, one of the things that you need to consider is the connectivity to your database. If you database is running locally on the server, then protecting your database is easy.  Configure it to listen on a socket, and configure your firewall appropriately.

If your database is running on another server, then the database connections should also use SSL. (Following the age old adage: Encryption in the front, encryption in the back.) This will ensure data in transit is protected end-to-end.

Unfortunately, there is no check box to turn SSL connections on to a MySQL database, but the fix is easy to make. In the includes/install.mysql.inc and includes/database.mysql.inc, look for the following line (just look for mysql_connect):

$connection = @mysql_connect($url[‘host’], $url[‘user’], $url[‘pass’], TRUE, 2);

Change the line to look like this:

$connection = @mysql_connect($url[‘host’], $url[‘user’], $url[‘pass’], TRUE, 2050);

That’s basically all there is to it.  When issuing the GRANT statements, be sure to add REQUIRE SSL to the end of the SQL statement.

Comments are closed.