Hi guys I need some help.
I am migrating data from MS Access to another database sytem. I would like to use MySQL as I have some experience with it already.

I have asked our IT support to get us a server (will probably have Win Server 2003). He says that he will do it but he will only let me use MySQL if we use SSL on the connections.

I would like to use the database behing our MS Access forms for admin, in-house PHP intranet scripts and PHP scripts for our website (hosted externaly).

What I would like to know: -
1) How does MySQL deal with SSL?
2) How does SSL affect PHP connections over the internet?
3) How do you install it?
4) Any other thoughts you may have...

Perhaps you should start with this...

http://dev.mysql.com/doc/refman/5.0/en/secure-basics.html

Just stay away from ODBC if you can.

Hi Chazzy,
Yea I have already read that article and the topic is as clear as mud for me I'm afraid.

Why should I stay away from ODBC?

ODBC is essentially the opposite of "secure," it's freely open & unencrypted, available to anyone.

I think I pointed to the wrong section of that topic: http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html That's the start of it.

I'm not sure what it is you're looking for then. Section 5.8.7.2 explains how to setup the server to talk SSL.

I think my biggest question is "why is PHP connecting to your server over the internet?" Isn't there a local LAN available that they should be talking over?

As for the PHP side of things, I believe the only solution is to use the MySQLi library. It's the only one that seems to support SSL. There's ssl_set, which is listed here: http://us2.php.net/mysqli, it explains how to set the SSL information for the connection. This page describes how to create the certificate. http://dev.mysql.com/doc/refman/5.0/en/secure-create-certs.html

OK,
We will use MS Access for an administration front end, that will connect over ODBC through our LAN,
We have a website which searches records and presents the results as a web page using PHP. The website is hosted externaly on a 3rd party web host, so if that website would access the db the db would have to be exposed to the outside world (hence the need for SSL)?

Yes, that would be correct. It's not really a good situation as you're more prone to hackers, and sort of kills the effects of SSL in MySQL. From reading those articles, it appears that SSL is optional, even when configured (I personally have never run MySQL using SSL). Essentially it's up to the client to determine that it's going to talk SSL or not, not the host to only require SSL. The hacking is going to be what kills you though, any public DB can be assumed to be hacked.

Perhaps you could consider doing the following:
- Put a web service front end in front of the DB, have the application talk to that instead.
- Reconsider your hosting scenario.

"Put a web service front end in front of the DB, have the application talk to that instead." - Do u mean run PHP on the db server and have it produce XML files as pre-written querys to give to the website?

I guess in a very rudimentary way I did say that. PHP need not be your only solution mind you. It doesn't need to run on the DB server, it can be on another machine. All I'm saying is to somehow limit your control that way rather than exposing the DB to the WWW directly.

Maybe something like this would better help you understand the point.

http://www.peachpit.com/articles/article.aspx?p=29603&seqNum=4&rl=1