You can force all the the users to use SSL by enabling "ssl-only" on the mysql config ( /etc/my.cnf ) and enabling SSL in user creation ( REQUIRE SSL ). Make sure that you application has the client certs installed.
The below query will provide you the list of users who do not have SSL ( REQUIRE SSL ). select user,host,ssl_type from mysql.user where ssl_type=''; Regards, KarthiK.P.R On Mon, May 11, 2015 at 12:14 PM, Balasubramaniam Natarajan < bala150...@gmail.com> wrote: > On Mon, May 11, 2015 at 10:43 AM, Ashish Yadav <gwalash...@gmail.com> > wrote: > > Thanks for the reply Ashish. > > > > How did you create the MySQL "users" in the server? > > You have to forced the user to use "SSL" at the time creation only. > > > > > Invariable of having REQUIRE SSL on [1]. If your client is supplied with > certs. It will attempt to switch over to mysql over SSL, if the server > supports it. At least that is what I hope it is. So if I were to create a > user without REQUIRE SSL and try to login. The switching happens to SSL > and I can type in \s at the "mysql > " prompt to verify it. How can I > verify logging in as root if the person logging in as "iamsecure" is riding > over SSL or not ? > > [1] > GRANT ALL PRIVILEGES ON *.* TO ‘iamsecure’@’%’ IDENTIFIED BY ‘dingdingding’ > REQUIRE SSL; > > For that you can use Wireshark and see the password is indeed encrypted or > > not. > > > > Even Wireshark is beating around the bush :-( > > -- > Regards, > Balasubramaniam Natarajan > http://blog.etutorshop.com > _______________________________________________ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc > ILUGC Mailing List Guidelines: > http://ilugc.in/mailinglist-guidelines > _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines
