I have setup a http server (Apache/2.2.3, OpenSSL/0.9.8e, PHP/5.1.6 )with Moodle and installed the MySQL databases on my database server (MySQL 5.0.45). Everything is working well but I would like to enable SSL to encrypt the communication between the db server and the http server. I have added the necessary lines to /etc/my.cnf on both servers but I'm not sure how to do this on the Moodle end. Can anyone help?
Should I ask this question somewhere else?
Hello everybody. First of all, I think is important to thank the moodle team for such an useful tool and their continued support and evolution. I post this for helping people to secure their Mysql connections, because in moodle 2.0/2.1 is slightly more difficult to configure. I post too the reference for moodle 1.8/1.9 just in case someone needs it.
Since the first time, we have been using moodle configured to use Mysql with an SSL connection. Our production server, which has Moodle 1.9.6 is using it without problems. The changes I made for it were very simple as the Adodb driver for mysql is written quite well and does all the magic.
For further reference, the changes to the 1.9.6 moodle version we made are:
# LANG=C diff ./lib/adodb/drivers/adodb-mysql.inc.php.orig ./lib/adodb/drivers/adodb-mysql.inc.php
< var $clientFlags = 0;
> var $clientFlags = MYSQL_CLIENT_SSL;
In the moodle 2.0/2.1 case, the changes are more because the new versions are not using adodb driver anymore and the code seems not to support the clientFlags.
I have to say that we have decided to put all the config parameters for the secure connection in the /etc/mysql/my.cnf (in the [client] section) in order not to put them in the moodle source tree.
The changes to the 2.0 or 2.1 moodle version are:
# LANG=C diff moodle/lib/dml/mysqli_native_moodle_database.php.orig moodle/lib/dml/mysqli_native_moodle_database.php
< $conn = new mysqli($dbhost, $dbuser, $dbpass, '', $dbport, $dbsocket); /// Connect without db
> $conn = mysqli_init();
> $errorno = $conn->options(MYSQLI_READ_DEFAULT_FILE,'/etc/mysql/my.cnf');
> $errorno = $conn->options(MYSQLI_READ_DEFAULT_GROUP,'client');
> $conn->real_connect($dbhost, $dbuser, $dbpass, '', $dbport, $dbsocket, MYSQLI_CLIENT_SSL);
< $this->mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname, $dbport, $dbsocket);
> $this->mysqli = mysqli_init();
> $errorno = $this->mysqli->options(MYSQLI_READ_DEFAULT_FILE,'/etc/mysql/my.cnf');
> $errorno = $this->mysqli->options(MYSQLI_READ_DEFAULT_GROUP,'client');
> $this->mysqli->real_connect($dbhost, $dbuser, $dbpass, $dbname, $dbport, $dbsocket, MYSQLI_CLIENT_SSL);
Besides, i would like to know how to improve this code in order to be able to update the moodle code with git without losing the changes. I think it would be very useful to have a variable in config.php called $CFG->clientflags equal to '0' if no SSL is going to be used with mysql, or 'MYSQLI_CLIENT_SSL' if you want mysql+ssl, but is too much work for me to do all the changes.
Anyway, greetings from Spain. I hope this helps.
Any documentations about how to setup MS Sql server with ssl connection ?