ssl support in sqlyog? future plans to integrate?

[surferjon2]

Hi,

Long live sqlyog!!! 🙂 I know that sqlyog can do https tunneling using the included php page, but I wonder if there are any plans for native mysql ssl connections in future releases of sqlyog?

I wish that I could specify to sqlyog where my ssl certificates are before connecting (like navicat?) and then just connect using the mysql standard api with ssl support.

(ps I prefer sqlyog to navicat in every way except for this option (and multiplatform support)!!! )

I am not a windows programmer and I haven't explored the mysql c api myself so I don't know how difficult this for the windows programmer to do. I know that many windows guys probably dont use openssl to create sign and manage certificates so this is probably why this feature is not included (ie because it is not in high demand for most win-mysql-sqlyog administrators to create secure certificates and configure mysql to use them).

Is the native mysql ssl connection (ie not over https using a php tunnel page) feature on the 'to-do' list?

Also, I wanted to check in and see how the development is coming along for the Unix/Linux version of sqlyog?! Whats the status, Ritesh?

Cheers!

Jonathan

[peterlaursen]

I believe Ritesh answered this question before, and as I remember the answer, it was like:

It was in previous versions. But with the latest C-api from MySQL it went away for some strange reason.

[surferjon2]

Hi Peter,

I did a little checking up on the mysql c api and found this stuff…

Looking at the mysql c api functions overview in the mysql docs ( http://dev.mysql.com/doc/mysql/en/c-api-fu…n-overview.html )

There seem to be 3 functions that are of particular interest…

mysql_ssl_set() – http://dev.mysql.com/doc/mysql/en/mysql-ssl-set.html

mysql_real_connect() – http://dev.mysql.com/doc/mysql/en/mysql-re…al-connect.html

mysql_options() – http://dev.mysql.com/doc/mysql/en/mysql-options.html

These functions seem to provide access to the use of SSL to encrypt mysql transactions.

I'm confused…how did these api's “go away” ?

If these are indeed the apis to use, why did we not use them in the latest version of sqlyog?

Cheers!

Jonathan

[peterlaursen]

I would prefer to let Ritesh answer your question 😀

BTW I think it's about time for him to wake up now – it must soon be working hours where he lives!

[Ritesh]

Due to legal issues MySQL C API for Windows does not support SSL. MySQL itself is working on it and as soon as they start supporting, SQLyog will do so too 😀

[surferjon2]

Hi Ritesh,

Thanks for your reply. Bummer about the crypto export laws. It seems that others have had issues with ssl connections on the win32 platform…

http://bugs.mysql.com/bug.php?id=7575

This guy was failing to create a mysql-ssl connection using mysqlAdministrator.

Another poster 'Jorge' replied,

“You won't be able to run SSL in Windows OS, because MySQL doesn't support SSL

under Windows. I'm not sure what Navicat actually does, but I'm certain it

doesn't actually use MySQL's SSL options; these only work under non Win32

platforms.”

So what is it? I'm as confused as Jorge. This leads me to ask, Ritesh do you have any idea as to how Navicat implements the ssl connection in their program? Any ideas?

OAN: I noticed you already use plink as a means for working out backend ssh connections….I guess there is no similar means for backending ssl encryption. sure there is stunnel, but that again requires openssl libraries to be installed on the client…not to mention stunnel would have to be installed and configured on the server side as well (something that not all admins have permission to do)…in all not a feasible choice.

So how the hell did navicat do that? 😡

I have to tell you I have made a successful win32 mysql-ssl connection (using my own specified certificates/key) using Navicat (30-day trial only!) and have verified the connection is indeed encrypted (using mysql SHOW STATUS; and analyzing tcpdump output). A funny thing to note is that Navicat DOESNT support ssl/ssh connections on their linux client (wtf?), and no support for ssh connections on their mac client (doh! one can get around it with port forwarding in macSSH)! This all seems so bass ackwards to me!

For the win32 issue, maybe they hacked their own TLS tunnel with JSSE? ( http://java.sun.com/products/jsse/ ) and then linked it up to their app?

I dunno but the only thing is: using another gui tool other than SQLyog makes me cringe! 😀

Finally could you please drop a hint as to how the development of Unix/Linux SQLyog is coming along? Still brainstorming? All UML'ed out? Coding away? Beta Testing? Whats up?

Keep up the GOOD work, Ritesh!

[surferjon2]

A summary and opinion of US crypto export laws from qmail creator, Daniel Bernstein.

http://cr.yp.to/export/problem.html

Just a followup link. Interesting read! 🙂

[Ritesh]

Thanks.

[surferjon2]

Hi,

Maybe 3rd time is the charm?

Quote:

Also, I wanted to check in and see how the development is coming along for the Unix/Linux version of sqlyog?! Whats the status, Ritesh?

Quote:

Finally could you please drop a hint as to how the development of Unix/Linux SQLyog is coming along? Still brainstorming? All UML'ed out? Coding away? Beta Testing? Whats up?

Is the information too secret to let out about how the development is coming along? You keep dodging the question.

Cheers!

Jonathan

[Ritesh]

Work on the Unix/Mac version of SQLyog is going along fine. It will take some time before we can release the second public BETA.

Before the release of a full featured cross platform version of SQLyog, we plan to release a cross platform Query Builder and Database Designer.

The second public BETA release of SQLyog Max (our cross platform version) will take around 6 months.

[surferjon2]

Nice! Thanks for the info and update, Ritesh! 😀

Interested to see the cross platform query builder and DB designer.

Can't wait for the second beta release of SQLyog Max!

I know this is like pulling teeth but I have two more questions…

Since the unix version of the mysql C api doesn't have ssl restrictions like its microsoft counterpart…

Will the cross platform release in 6 months be able to specify a CA cert/client certificate and key to [SQLyog Max BETA2] thus enabling a ssl connection to a mysql database in the unix environment?

AND

Will the cross platform release in 6 months have support for mysql 5.x including stored procedures/triggers (assuming 5.x is out of beta at that time)?

Cheers!

Jonathan

[Ritesh]

Quote:

Will the cross platform release in 6 months be able to specify a CA cert/client certificate and key to [SQLyog Max BETA2] thus enabling a ssl connection to a mysql database in the unix environment?

We have not yet decided on this issue. I have to talk to my development team.

Quote:

Will the cross platform release in 6 months have support for mysql 5.x including stored procedures/triggers (assuming 5.x is out of beta at that time)?

This feature is already planned for SQLyog v5.0. It will take more time for SQLyog Yogmax BETA to have the above features.

[peterlaursen]

>> surferjon2

If you have any proposals on HOW Stored Procedured and Triggers could be managed by Sqlyog then describe it and post it in the forums, or just send it to Ritesh. I sent him a proposoal on how to integrate VIEWs. Your are welcome to read it from her: http://www.deepeter.dk/view.doc.

I also proposed that (since they are defined with the data structure) SP's an Triggers be displayed in the Object Browser with the Database or table that they are defined with. Somewhat like http://www.deepeter.dk/browser.jpg. But what to DO with them ? Any ideas ?

[surferjon2]

Hi,

Thank you, Ritesh for answering all my questions! I am out for the moment! The future for SQLyog looks bright! Can't wait! 😆

>> peterlaursen

I have read over your proposal on integrating proper support for managing views in SQLyog! Thank you for taking the time to write up such a document! I like the picture you created too showing the new features integrated into the object browser. What to DO with them? I have some ideas but I will detail them later.

As far as proposals go, I dont have any crafted up at the moment.

However, I would be happy to write something as to what I know about stored procedures/triggers and suggestions on how I think they could be efficiently integrated into a SQLyog GUI. Give me a little time to do some brainstorming and formatting, and I will post a link on the forum or start a new thread when I have completed it.

Cheers!

Jonathan

[Shadow]

@peterlaursen: I have just donwloaded your ideas regarding views, triggers and stored procs in SQLyog GUI. It's a remarkable article, I'll need some more time to consider its suggestions. But there is a little mistake I would like to point out:

Quote:

But SELECTs are always possible, provided you have the necessary privileges to the VIEW itself AND to  the underlying TABLE as well.

This is wrong, no one has to have any rights to the underlying table(s) whatsoever, that's the whole point of views! You may grant a user to add new records to a table provided those records match a certain criterion (view's where clause) but other updates will fail.

Quote:

Special rule: If you have a privilege to perform an operation on a view, you don't

need the same privilege on the underlying tables. That is, if you have the

UPDATE privilege on view v, which is based on table t, you can update v —

assuming that v is updatable. There is no requirement that you have the

UPDATE privilege on t as well.

(MySql 5.0 Views white paper)

[peterlaursen]

OK Shadow …

but probably you'll need to have CREATE_VIEW and SELECT priviliges to the underlying TABLE to CREATE the VIEW.

'twas probably what I mismatched.

Ritesh told me recently that they will need a few months to fix some other issues before they can seriouslys start implementing support for the new features of MySQL ver5. So there is time for a debate, and more ideas!

Wasn't it an idea that you wrote something similar concerning how to integrate SP's and Triggers with the Sqlyog GUI ??

Or you might happen to know someone who has used SP with MSSQL, Oracle or DB2 and who is migrating til MySQL.

Traditional users of MySQL probably won't have many good ideas, since they haven't used it before.

[Shadow]

You need privileges to those columns of underlying tables only that are referred to by the view being created. As far as I'm concerned, create view and show view privileges are not table related either.

[peterlaursen]

You're right again …

create_view and show_view privileges can be 'global privileges' or 'schema privileges'.

At least that's what “MySQL Administrator” lets you do with them.

[Author]

Posts