My users are using MS Access and ODBC connector to connect to my remote MySQL database. I wonder how secure this is, in the sense of possible password disclosure to 3rd party. Is the mysql protocol authentication safe to eavesdropping or even man-in-the-middle attacks? I would be quite happy with safety against eavesdropping. Note that my concern is only authentication, I'm not concerned about data disclosure.
Please don't reply that I should use SSL. I know this would be ideal however the setup doesn't seem very simple. Anyway, I would like to know what is the safety level of plain mysql protocol.
MySQL supports encrypted connections between clients and the server using the TLS (Transport Layer Security) protocol. TLS is sometimes referred to as SSL (Secure Sockets Layer) but MySQL does not actually use the SSL protocol for encrypted connections because its encryption is weak (see Section 6.3.
By default, MySQL uses the built-in mysql_native_password authentication plugin, which performs authentication using the native password hashing method. For greater security, this deployment uses the sha256_password and auth_socket authentication plugins for user authentication.
MySQL uses security based on Access Control Lists (ACLs) for all connections, queries, and other operations that users can attempt to perform.
What is it that you want to be "safe to eavesdropping or even man-in-the-middle attacks"? Your password, or your data?
The title of your question refers specifically to authentication. MySQL does a reasonable job of protecting your password from eavesdroppers (it is not sent plaintext, and the use of a nonce defeats replay attacks). Citing MySQL protocol internals:
MySQL 4.1 and later
Remember that mysql.user.Password stores SHA1(SHA1(password))
- The server sends a random string (scramble) to the client
- the client calculates:
- stage1_hash = SHA1(password), using the password that the user has entered.
- token = SHA1(scramble + SHA1(stage1_hash)) XOR stage1_hash
- the client sends the token to the server
- the server calculates
- stage1_hash' = token XOR SHA1(scramble + mysql.user.Password)
- the server compares SHA1(stage1_hash') and mysql.user.Password
- If they are the same, the password is okay.
(Note SHA1(A+B) is the SHA1 of the concatenation of A with B.)
This protocol fixes the flaw of the old one, neither snooping on the wire nor mysql.user.Password are sufficient for a successful connection. But when one has both mysql.user.Password and the intercepted data on the wire, he has enough information to connect.
However, authenticated sessions continue in plaintext: an eavesdropper will be able to see all queries and results; and a MITM would be able to make alterations to the same. As stated in the manual:
By default, MySQL uses unencrypted connections between the client and the server. This means that someone with access to the network could watch all your traffic and look at the data being sent or received. They could even change the data while it is in transit between client and server.
Whilst you may not like the answer, SSL is the tool designed to defeat both data eavesdropping (how else can the communications be encrypted?) and MITM attacks (how else can either party verify that its peer is who it thinks it is?). Indeed, if the mysql client-server protocol alone defeated these threats then there would be no reason to use mysql over SSL (and thus it would be unlikely to be a supported configuration).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With