8

I have a mail server with a MySQL database back-end. The mail server and MySQL DB are both installed on the same Windows machine. Is there any benefit to using SSL connections between the two applications on localhost?

I think the connection is using TCP and not local sockets.

Based on this question about SSL on a trusted LAN, I don't think there is any benefit for local connections. It seems like an attacker would have to be on the machine to read the traffic, and if attackers can get on our machine they can probably get whatever they want. But this setup was already using SSL when I joined the team. I performed a MySQL upgrade and now I'm having trouble with the SSL connection. I'm wondering if I would be correct to convince the team that we don't need SSL on localhost anyway.

Community
  • 1
Bad Tea
  • 81
  • 1
  • 4
  • If you are building a two-tier database, on the same machine, then if you think that you might EVER need to separate them, then consider not using things like hardcoded IP or localhost, and think of them as separate systems that could be anywhere. – MikeP Oct 24 '16 at 15:21
  • Is this on one box, or on a local lan? There is a difference. – MikeP Oct 24 '16 at 15:21

2 Answers2

7

If you don't have other users on this machine you might be right. If you have other accounts with the ability to connect from remote they might be compromised. If the attacker is able to completely own the machine you are busted anyway. But even if the attacker cannot get root he might be able to make mysqld crash and then take over the port (default port is 3306 which does not need special permissions). In this way using SSL could help a bit, because the identity of the (hackers) server cannot be verified.

So it does not help much bit it might help a bit.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • I'm sorry, I neglected to mention this is a Windows machine. I edited my question to add this. Anyway, other people do have access to RDP to the machine, but only members of our team (i.e. people I trust). The box is locked down pretty well to prevent random attackers from RDP'ing to it. – Bad Tea Jan 18 '14 at 01:37
  • 2
    If anybody has remote access to your machine you not only need to trust him personally but you have to trust, that this user cannot get hacked himself. Just consider the case where the machine of one of your users gets hacked and thus the hacker gets access to your locked down box through this machine. – Steffen Ullrich Jan 18 '14 at 15:34
2

SSL has 2 functions:

  1. To prevent the data stream from being decoded by an attacker listening on the network; and
  2. To ensure to the client that he is connecting to the authentic server, and not a man-in-the-middle.

The first function is not necessary on localhost, because in order to listen to the stream, the attacker would had to have broken into your system already. This is true on Windows as well as other OS's.

The second function is possible only if the client is connecting to the server by its fully-qualified domain name, because anyone (or no one) can get a certificate for "localhost".

Steven Schoch
  • 41
  • 1
  • 1
    There is a third function that can be used and that is "Authenticate the client connecting to the server" if you use client certs. That would prevent others from connecting to a service running on localhost using TLS primitives and not having to add auth to the service. – Bradley Kreider May 10 '19 at 20:32