
How can I tell if TMyConnection is really using SSL or not?

Posted: Tue 02 Jun 2015 09:47
by docH
I'm playing with using the SSL protocol with TMyConnection to reach a remote database.

I've used both the securebridge demo and also experimented with just using TMyConnection without the securebridge bits, using certificates stored on my computer and setting the SSL options in TMyConnection.

I can connect with no problems in both cases.

However, as a test, if I deliberately mis-spell the name of the certificate when not using secure bridge it still connects with no problems. If I misspell it deliberately using the demo I get the expected 'file not found' error so it never gets a chance to connect.

So my question is:

How can I tell if TMyConnection is using SSL or not?
i.e. using the securebridge demo I can connect OK, but how can I confirm that SSL is really being used?

Re: How can I tell if TMyConnection is really using SSL or not?

Posted: Tue 02 Jun 2015 12:55
by ViktorV
A similar question has already been discussed on our forum. Follow the link http://forums.devart.com/viewtopic.php?t=31767 for details.

Re: How can I tell if TMyConnection is really using SSL or not?

Posted: Tue 02 Jun 2015 13:04
by docH
Thank you Viktor, I see it's an SQL statement. That will do what I want, but my question was really asking if there is some way through Delphi or TMyConnection to do it. If using SQL is the only way, though, that's OK.

Re: How can I tell if TMyConnection is really using SSL or not?

Posted: Tue 02 Jun 2015 13:35
by docH
Using that SQL statement (SHOW STATUS LIKE 'Ssl_cipher') seems to indicate that the securebridge demo is not connecting using SSL when it should be.

All I did was to add a TButton, TMyQuery, TMyDataSource and a TDBGrid to the SSL_ClientFrame supplied by Devart.
I connected the grid, query, datasource and TMyConnection together in the normal way at design time, and in the OnClick event of the button put the following:

Code:

  // Replace the statement on every click; SQL.Add would append a duplicate each time
  myquery1.Close;
  myquery1.SQL.Text := 'SHOW STATUS LIKE ''Ssl_cipher''';
  myquery1.Open;

Whether the checkbox against 'Use SSL' is checked or not the grid still shows an empty data set with just the column headers for 'Variable name' and 'Value' when I click my new button.

Re: How can I tell if TMyConnection is really using SSL or not?

Posted: Tue 02 Jun 2015 14:38
by docH
I've done some checking, and using the SQL

Code:

  show status

it indicates that the database does not even have a variable called ssl_cipher, so it looks like it doesn't support SSL.

However, switching to a database with a different ISP and issuing 'show status' I could see the variable ssl_cipher but it had no value, indicating that your ssl demo program was not connecting using ssl.

It appears that I have to do much more than I thought to get SSL working. It looks like I need to have a special database user that only uses SSL, I have to set up permissions, set switches in the database etc.

Not at all as easy as I thought it would be from the statement on your web page:
"It is enough to place several components on the form and specify the server address and the user login information to establish a secure connection."
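
Added example (not part of the original thread and not Devart's code): a Delphi routine that distinguishes the three outcomes described in the posts above, namely no Ssl_cipher row at all, a row with an empty value, and a row naming the negotiated cipher, and that refuses to continue on anything but the last. The unit name SslCheck and the identifiers TSslState, GetSslState and RequireEncrypted are hypothetical; it assumes MyDAC's MyAccess unit and a TMyConnection that is already connected.

```delphi
unit SslCheck; // added example; unit, type and routine names are hypothetical
interface
uses SysUtils, MyAccess; // MyAccess: MyDAC unit with TMyConnection and TMyQuery
type
  TSslState = (ssNoSslVariable, ssNotEncrypted, ssEncrypted);
function GetSslState(AConnection: TMyConnection; out ACipher: string): TSslState;
procedure RequireEncrypted(AConnection: TMyConnection);

implementation

function GetSslState(AConnection: TMyConnection; out ACipher: string): TSslState;
var
  Q: TMyQuery;
begin
  ACipher := '';
  Q := TMyQuery.Create(nil);
  try
    Q.Connection := AConnection;
    // SESSION scope: the value describes this connection only
    Q.SQL.Text := 'SHOW SESSION STATUS LIKE ''Ssl_cipher''';
    Q.Open;
    if Q.IsEmpty then
      Result := ssNoSslVariable        // no row: server exposes no Ssl_cipher variable
    else
    begin
      ACipher := Trim(Q.Fields[1].AsString); // column 0 = Variable_name, 1 = Value
      if ACipher = '' then
        Result := ssNotEncrypted       // row present, empty value: plaintext session
      else
        Result := ssEncrypted;         // value is the negotiated cipher name
    end;
  finally
    Q.Free;
  end;
end;

procedure RequireEncrypted(AConnection: TMyConnection);
var
  Cipher: string;
begin
  // Fail closed: anything other than a negotiated cipher ends the session
  if GetSslState(AConnection, Cipher) <> ssEncrypted then
  begin
    AConnection.Disconnect;
    raise Exception.Create('MySQL session is not encrypted; refusing to continue');
  end;
end;

end.
```

Calling RequireEncrypted immediately after connecting, before any credentials-bearing or sensitive query is sent, turns a silent fallback to plaintext into a visible error.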

Re: How can I tell if TMyConnection is really using SSL or not?

Posted: Wed 03 Jun 2015 08:30
by ViktorV
To use an SSL connection between the MySQL server and the client, the MySQL server should be configured to support SSL. For this, the following MySQL server options must be set: --ssl-ca, --ssl-cert, --ssl-key. In addition, an account requiring connection via SSL must be used. See more details about server configuration and user creation for establishing an SSL connection in the MySQL server documentation: https://dev.mysql.com/doc/refman/5.0/en ... tions.html

Re: How can I tell if TMyConnection is really using SSL or not?

Posted: Wed 03 Jun 2015 13:54
by docH
Thank you for your patience Viktor,

I had read that bit of the MySQL documentation several times before posting my original question. However, along with most of the other tutorials I have read about SSL, if I understand it correctly it appears to assume that I have access to the server and can play around with it. E.g. it says
"start the server with these lines in the my.cnf file, changing the file names as necessary"
and
"If you have a MySQL source distribution, you can also test your setup using the demonstration certificate and key files in its mysql-test/std_data directory"
The database I am connecting to is hosted by an ISP; all I do is connect to it using TMyConnection (with no problems at all when not trying to use SSL). I have no way to start or stop the server. I don't think I have any access to the my.cnf file and don't know what I am supposed to 'change the file names' to even if I did. I certainly don't have a MySQL source distribution and don't know how (or if) I can reach the mysql-test/std_data folder on my ISP's server.

Am I misunderstanding something? Can SSL only be done if I have the MySQL software running on my own machine?

Assuming whoever configured the ISP's MySQL database server in the first place arranged for it to allow SSL isn't there a simple way to configure, or whatever I need to do, to use SSL directly from the client machine?

Are there any Delphi code samples showing the minimum necessary to connect using SSL, including doing whatever needs doing to the server?

(I do find the Devart demos rather difficult to follow. They are very slick to look at when running and clearly do what they are supposed to do. But there are almost no comments in the code and it's not at all obvious which bits of code are the minimum essential to do the task being demonstrated and which bits of code are only there to make the demo work - The SSLDacDemo for example, do I need all the randomisation code in RandomForm.pas? Do I need to use the registry?, Is the code in DemoForm.pas needed? etc. )

Re: How can I tell if TMyConnection is really using SSL or not?

Posted: Fri 05 Jun 2015 12:57
by ViktorV
docH wrote:Thank you for your patience Viktor,

I had read that bit of the MySQL documentation several times before posting my original question. However, along with most of the other tutorials I have read about SSL, if I understand it correctly it appears to assume that I have access to the server and can play around with it. E.g. it says
"start the server with these lines in the my.cnf file, changing the file names as necessary"
and
"If you have a MySQL source distribution, you can also test your setup using the demonstration certificate and key files in its mysql-test/std_data directory"
The database I am connecting to is hosted by an ISP; all I do is connect to it using TMyConnection (with no problems at all when not trying to use SSL). I have no way to start or stop the server. I don't think I have any access to the my.cnf file and don't know what I am supposed to 'change the file names' to even if I did. I certainly don't have a MySQL source distribution and don't know how (or if) I can reach the mysql-test/std_data folder on my ISP's server.

Am I misunderstanding something? Can SSL only be done if I have the MySQL software running on my own machine?

Assuming whoever configured the ISP's MySQL database server in the first place arranged for it to allow SSL isn't there a simple way to configure, or whatever I need to do, to use SSL directly from the client machine?

The possibility to create an SSL connection to a MySQL server depends first of all on the server settings. The server must be configured properly: SSL support enabled, a user requiring SSL connection created.
There is no way to configure the server from the client side. This is a MySQL specificity, and we can't affect this.
Please refer to the MySQL server technical support to retrieve the required data for SSL configuration.

Re: How can I tell if TMyConnection is really using SSL or not?

Posted: Fri 05 Jun 2015 13:27
by ViktorV
docH wrote: (I do find the Devart demos rather difficult to follow. They are very slick to look at when running and clearly do what they are supposed to do. But there are almost no comments in the code and it's not at all obvious which bits of code are the minimum essential to do the task being demonstrated and which bits of code are only there to make the demo work - The SSLDacDemo for example, do I need all the randomisation code in RandomForm.pas? Do I need to use the registry?, Is the code in DemoForm.pas needed? etc. )

It is not necessary to use the code in the RandomForm.pas module. This module allows generating random data to increase encryption reliability. You can generate random data in any convenient way. By default, SecureBridge generates a dataset according to the current time.
See more details about the purpose of generating random numbers for establishing SSL connection in the SecureBridge documentation: https://www.devart.com/sbridge/docs/ssl ... ration.htm
Using the registry is not necessary. The registry is used in the demo project only for storing (loading) MySQL connection option values and SSL settings.
The SSLDACDemo project was developed using frames, and the DemoForm.pas module is designed for work with them. Therefore, you do not need to use the code from the module in your application.