Datenbank/Kryptografie: Unterschied zwischen den Versionen
K Textersetzung - „Verschlüsselung“ durch „Kryptografie“ |
Keine Bearbeitungszusammenfassung |
||
(8 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 1: | Zeile 1: | ||
=== MySQL === | === MySQL === | ||
==== Tested with Versions ==== | ==== Tested with Versions ==== | ||
* MySQL 5.5 on Debian Wheezy | * MySQL 5.5 on Debian Wheezy | ||
Zeile 8: | Zeile 5: | ||
==== Settings ==== | ==== Settings ==== | ||
==== References ==== | ==== References ==== | ||
MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections]. | MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections]. | ||
Zeile 15: | Zeile 11: | ||
After restarting the server run the following query to see if the ssl settings are correct: | After restarting the server run the following query to see if the ssl settings are correct: | ||
show variables like '%ssl%'; | show variables like '%ssl%'; | ||
=== PostgreSQL === | === PostgreSQL === | ||
==== Tested with Versions ==== | ==== Tested with Versions ==== | ||
* Debian Wheezy and PostgreSQL 9.1 | * Debian Wheezy and PostgreSQL 9.1 | ||
Zeile 57: | Zeile 18: | ||
==== Settings ==== | ==== Settings ==== | ||
To start in SSL mode the <tt>server.crt</tt> and <tt>server.key</tt> must exist in the servers data directory <tt>$PGDATA</tt>. | ; To start in SSL mode the <tt>server.crt</tt> and <tt>server.key</tt> must exist in the servers data directory <tt>$PGDATA</tt>. | ||
* Starting with version 9.2, you have the possibility to set the path manually | |||
==== References ==== | ==== References ==== | ||
It’s recommended to read [https://www.postgresql.org/docs/9.1/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY Security and Authentication] in the manual. | It’s recommended to read [https://www.postgresql.org/docs/9.1/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY Security and Authentication] in the manual. | ||
PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/ssl-tcp.html Secure TCP/IP Connections with SSL]. | * PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/ssl-tcp.html Secure TCP/IP Connections with SSL]. | ||
PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html Client Authentication]. | * PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html Client Authentication]. | ||
==== How to test ==== | ==== How to test ==== | ||
To test your ssl settings, run <tt>psql</tt> with the sslmode parameter: | To test your ssl settings, run <tt>psql</tt> with the sslmode parameter: | ||
$ psql "sslmode=require host=postgres-server dbname=database" your-username | $ psql "sslmode=require host=postgres-server dbname=database" your-username | ||
== Weblinks == | <noinclude> | ||
=== Anhang === | |||
==== Siehe auch ==== | |||
{{Special:PrefixIndex/Datenbank}} | |||
===== Sicherheit ===== | |||
===== Dokumentation ===== | |||
===== Links ===== | |||
====== Projekt ====== | |||
====== Weblinks ====== | |||
# https://bettercrypto.org/ | # https://bettercrypto.org/ | ||
[[Kategorie:Kryptografie | [[Kategorie:Kryptografie/Best Practice]] | ||
[[Kategorie:Datenbank]] | [[Kategorie:Datenbank/Sicherheit]] | ||
</noinclude> |
Aktuelle Version vom 31. März 2024, 13:55 Uhr
MySQL
Tested with Versions
- MySQL 5.5 on Debian Wheezy
- MySQL 5.7.20 on Ubuntu 16.04.3
Settings
References
MySQL Documentation on Configuring MySQL to Use Encrypted Connections.
How to test
After restarting the server run the following query to see if the ssl settings are correct: show variables like '%ssl%';
PostgreSQL
Tested with Versions
- Debian Wheezy and PostgreSQL 9.1
- Linux Mint 14 nadia / Ubuntu 12.10 quantal with PostgreSQL 9.1+136 and OpenSSL 1.0.1c
Settings
- To start in SSL mode the server.crt and server.key must exist in the servers data directory $PGDATA.
- Starting with version 9.2, you have the possibility to set the path manually
References
It’s recommended to read Security and Authentication in the manual.
- PostgreSQL Documentation on Secure TCP/IP Connections with SSL.
- PostgreSQL Documentation on Client Authentication.
How to test
To test your ssl settings, run psql with the sslmode parameter:
$ psql "sslmode=require host=postgres-server dbname=database" your-username
Anhang
Siehe auch
Sicherheit
Dokumentation
Links
Projekt
Weblinks