ISSUE: WHMCS does not support remote database encryption w/ SSL
IMPACT: Client and WHMCS data is transferred between the web server and database in clear text. This affects nearly everyone. If you are on a shared host, your data is transported in the clear and can be seen by others; if your database is remote from your web server, even in the same datacenter, your data is transported in the clear and can also be seen.
RESOLUTION: Implement SSL support for WHMCS database connections. MySQL and MariaDB both have SSL support for remote connections natively. Newer versions of php-pdo also appear (please help verify) to have support for SSL on remote connections. PHP mysqli also has SSL support already built in.
COMMENT: I'd love to see WHMCS support SSL on the backend data side as they already do on the front end web side. I would further propose that we add this check into WHMCS health checks to make sure everyone is aware of the exposure they currently have, like they do for web SSL.
The current ugly workaround is setting up a tunnel from your web server to your database server via an SSH tunnel or VPN.
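A sketch of the kind of health check proposed above, as an added example that is not WHMCS code and not part of the original post: it opens a mysqli connection with TLS requested and asks the server which protocol and cipher the session actually negotiated. The function names, hostname, credentials and CA path are hypothetical placeholders.

```php
<?php
// Added example, not WHMCS code. Function names, host, credentials and
// CA path are placeholders chosen for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Open a connection that requests TLS and supplies a CA bundle so the
// server certificate can be checked against it.
function connectEncrypted(string $host, string $user, string $pass, string $db, string $caFile): mysqli
{
    $conn = mysqli_init();
    $conn->ssl_set(null, null, $caFile, null, null);
    $conn->real_connect($host, $user, $pass, $db, 3306, null, MYSQLI_CLIENT_SSL);
    return $conn;
}

// Health check: ask the server what this session negotiated.
// Returns ['version' => ..., 'cipher' => ...], or null when the session
// is cleartext (MySQL and MariaDB report an empty Ssl_cipher in that case).
function dbSessionEncryption(mysqli $conn): ?array
{
    $status = [];
    $result = $conn->query(
        "SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher', 'Ssl_version')"
    );
    while ($row = $result->fetch_assoc()) {
        $status[$row['Variable_name']] = $row['Value'];
    }
    if (empty($status['Ssl_cipher'])) {
        return null;
    }
    return ['version' => $status['Ssl_version'] ?? '', 'cipher' => $status['Ssl_cipher']];
}

try {
    $conn = connectEncrypted(
        'db.example.internal',       // placeholder database host
        'app_user',                  // placeholder account
        'CHANGE_ME',                 // placeholder password
        'app_db',                    // placeholder schema
        '/etc/ssl/certs/db-ca.pem'   // placeholder CA bundle path
    );
    $tls = dbSessionEncryption($conn);
    echo $tls === null
        ? "WARNING: database session is NOT encrypted\n"
        : "OK: database session uses {$tls['version']} with {$tls['cipher']}\n";
} catch (mysqli_sql_exception $e) {
    // Connection or TLS negotiation failed; treat as a failed health check.
    echo "FAIL: " . $e->getMessage() . "\n";
}
```

`dbSessionEncryption()` can also be pointed at a connection the application opened on its own, which is how it would flag an existing cleartext link.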
Featured Comment
We're pleased to announce that the 8.8 public beta is now live, featuring Encrypted MySQL Connections! Please test it out, and let us know your feedback during the pre-release period.
Beta information: https://beta.whmcs.com
Feature documentation: https://docs.whmcs.com/System_Environment_Guide#Encrypted_Database_Connections
Discussion: https://whmcs.community/topic/325635-encrypted-mysql-connection-support-share-your-experience/