Securing Your Cloud Database Connection with SSL

We have just released a new version of our popular database-as-a-service which now supports Secure Sockets Layer (SSL) as a means of securely connecting to your Xeround database.

What is SSL?

For those of you who are not familiar with SSL, it is a cryptographic protocol that provides communication security over the Internet. Formally, SSL encrypts network connections, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. A less strict way to think about SSL is that it simply protects your sensitive information as it travels across the Internet. Last but not least, SSL also serves as a means of authentication, allowing you to be sure that you are connecting to the service or site you intended to connect to.

Why use SSL to connect to your Xeround Cloud Database?

So, now that we know everything there is to know about SSL :), you might ask yourself how this relates to your Xeround database. I mean, you know you have a username and password for your Xeround database instance and that you can’t connect to your DB without authenticating, right? So why SSL?

SSL does improve your level of security and makes it that much harder for prying eyes to examine or change your data while it is making its way from the application to your database and again from the DB to your app.

The simplest way to think about it is that you communicate with each Xeround database instance using signed and wax-sealed mail envelopes. The envelope contains your SQL queries. Before sending your envelope you sign it using wax and your own seal (which the Xeround service generated for you). You send your envelope to a certain address, and once it reaches its destination, the database verifies that you sent the original envelope (remember, Xeround generated your seal). Query results are returned in much the same way.

How to use SSL with your Xeround DB instance?

Now, back to the matter at hand: in order to connect securely to your Xeround database you need to obtain the SSL certificate from Xeround and embed it in your code or application.

In order to obtain your SSL certificate, log into Xeround’s Management Console and follow these simple steps:

  1. In the Management page, select your DB instance from the instances list
  2. Go to “Advanced” Tab
  3. Click on “CA-Certificate” link
  4. When prompted, save the file (“ca-cert.pem”)
  5. Click on “Client-Certificate” and “Client-private-key” links and save these files as well. Two files will be downloaded: -client-cert.pem and -client-key.pem

Once you’ve retrieved your certificate, edit your application’s connection string to use the client certificate and client key to connect securely to your database instance.

Needless to say, how you make sure that your database connection is set up to use SSL varies according to your programming language. Just to get you going, below is a simple code snippet that shows how to connect to Xeround from a PHP app:

// Connection details for your instance (double quotes, because the placeholders contain apostrophes)
$host = "<your instance's DNS>";
$port = "<your instance's port>";
$user = "<instance's user name>";
$password = "<instance's password>";
$dbname = "<DB name>";

Connecting via SSL to Xeround using PDO API:

try {
  // The client key, client certificate and CA certificate tell the MySQL driver to use SSL
  $pdo = new PDO(
    "mysql:host=$host;port=$port;dbname=$dbname",
    $user,
    $password,
    array(
      PDO::MYSQL_ATTR_SSL_KEY  => 'path/to/<instance-id>-key.pem',
      PDO::MYSQL_ATTR_SSL_CERT => 'path/to/<instance-id>-cert.pem',
      PDO::MYSQL_ATTR_SSL_CA   => 'path/to/ca-cert.pem'
    )
  );
}
catch (PDOException $e) {
  print "<br>Error!: " . $e->getMessage() . "<br/>";
  die();
}
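Supplying the three PEM files does not by itself prove that the session ended up encrypted, so it is worth checking after connecting. The following is an added example, not code from the original post or from Xeround: the function names `assertPrivateKeyFile` and `connectEncrypted` are hypothetical, and it assumes the instance reports the standard MySQL `Ssl_cipher` session status variable.

```php
<?php
// Added example, not Xeround's code. Function names are hypothetical.

// Refuse to use a private key file that other local users could read.
function assertPrivateKeyFile(string $path): void
{
    if (!is_readable($path)) {
        throw new RuntimeException("Cannot read key file: $path");
    }
    // POSIX only: any group/other permission bit set means the key is exposed.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($path) & 0077) !== 0) {
        throw new RuntimeException("Key file $path is accessible to group/other (use chmod 600)");
    }
}

// Connect with the three PEM files, then confirm the session is really encrypted.
function connectEncrypted(array $cfg): PDO
{
    assertPrivateKeyFile($cfg['key']);
    $dsn = "mysql:host={$cfg['host']};port={$cfg['port']};dbname={$cfg['dbname']}";
    $pdo = new PDO($dsn, $cfg['user'], $cfg['password'], [
        PDO::ATTR_ERRMODE        => PDO::ERRMODE_EXCEPTION,
        PDO::MYSQL_ATTR_SSL_KEY  => $cfg['key'],
        PDO::MYSQL_ATTR_SSL_CERT => $cfg['cert'],
        PDO::MYSQL_ATTR_SSL_CA   => $cfg['ca'],
    ]);
    // Ssl_cipher is an empty string when the session is not using SSL.
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    if (empty($row['Value'])) {
        throw new RuntimeException('Connected, but the session is not encrypted');
    }
    return $pdo;
}

try {
    $pdo = connectEncrypted([
        'host' => "<your instance's DNS>", 'port' => "<your instance's port>",
        'user' => "<instance's user name>", 'password' => "<instance's password>",
        'dbname' => '<DB name>',
        'key'  => 'path/to/<instance-id>-key.pem',   // placeholders, as in the snippet above
        'cert' => 'path/to/<instance-id>-cert.pem',
        'ca'   => 'path/to/ca-cert.pem',
    ]);
} catch (Exception $e) {
    // Log server-side; connection errors can reveal host names and file paths.
    error_log('DB connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit;
}
```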

See more code samples here.

Should I use SSL for my application?

Now that you know how easy it is to use Xeround with SSL, you might ask yourself why not use it all the time? To that I can only say that – as most other things in the known universe – nothing good is free :)

SSL does incur some performance overhead, because every communication to and from the database is encrypted.

So, whether you choose to take the red pill (SSL) or the blue one (no SSL) is up to you. I only want to show you the way… ;)

*Note:
All new DB instances created and all current Xeround BASIC customers can use SSL. The upgrade of existing Xeround PRO customers will be completed within the next couple of weeks. If you are a Xeround PRO customer and require this feature sooner, please contact our support team at support@xeround.com and we’ll upgrade your account ASAP.


One Response to Securing Your Cloud Database Connection with SSL

  1. Casandra says:

    The usage of SSL with Xeround DB instance
