[rt-users] Implementing SSL MySQL Backend

Jesse Vincent jesse at bestpractical.com
Fri Nov 28 12:27:44 EST 2008

On Wed 19.Nov'08 at 15:02:56 -0500, Guy Dickinson wrote:
> Greetings, RT Users:
> Some internal systems changes have prompted me to migrate my database
> backend from its present location on the same server as the RT web
> frontend to a separate database server elsewhere. To comply with our
> security standards, the database traffic should be encrypted, so I
> implemented MySQL's builtin SSL encryption for the database traffic.
> I took inspiration for the implementation from a rt-users mailing list
> post by Mike Friedman
> (http://lists.bestpractical.com/pipermail/rt-users/2007-April/045347.html).
>  In patch syntax, the precise change I made to RT::Handle was

So, isn't there an environment variable one can set to have DBD::mysql
pick this up?
> I am currently using RT 3.6.7 and will likely upgrade to RT 3.8.x in the
> relatively near future. Will that upgrade--or future ones--provide a
> 'sanctioned' facility to implement SSL mySQL encryption, and will my
> current hack in Handle.pm result in unintended consequences elsewhere in
> RT when I upgrade?

Your hack looks pretty reasonable. I'd like to hear some feedback on
whether there's a cleaner way to do this before canonizing it in the
core ;)

> Thanks!
> Guy
> -- 
> ------------------
> Guy Dickinson, Network Security Analyst
> NYU ITS Technology Security Services
> guy.dickinson at nyu.edu
> (212) 998-3052
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081128/46a0b318/attachment.sig>

More information about the rt-users mailing list