"Anderson Farias" <[EMAIL PROTECTED]> writes:
> I'm a software developer that uses Interbase as my backend
> database. I have no expertise/knowledge on SSL and fewer on TCP/IP
> and networking.
> 
> I was discussing at an Interbase newsgroups about the easy to break
> encryption of Interbase username/password over the net during
> connection (client to server) and more, data is not encrypted to be
> sent over network. So, using Interbase over INTERNET is not a good
> idea (as any sniffer can get your password/data).
> 
> So, Bill Todd (TeamB) came with "How about SSL or VPN?".
> 
> Well, I thought (think in the past :) sorry my poor English) I could
> not use SSL other than with Web Servers (like Apache and IIS) but
> then I got curious...
> 
> Can I make my (C/S) database connection over SSL (using TCP/IP)??
Almost certainly.

> If Yes, what do I need?? The database engine has to implement
> something??  --> How does SSL work??
SSL is a security layer that sits on top of TCP/IP. The idea is
that every byte of data you transmit over TCP is first encrypted.
So, here's the protocol stack w/o and w/ SSL:


        +---------------+               +---------------+
        |               |               |  Application  |
        |  Application  |               +---------------+
        |               |               |      SSL      |
        +---------------+               +---------------+
        |      TCP      |               |      TCP      |
        +---------------+               +---------------+
        |      IP       |               |      IP       |
        +---------------+               +---------------+
         
           Without SSL                       With SSL

In general, this requires modifying the applications (though not
the TCP stacks) on either side. However, many applications already
have SSL patches or plugins.

If you have an application you can't modify you can often insert
an SSL proxy that will SSLize or de-SSLize the data. For instance:

                                 |
+--------+                       |       +------+         +--------+
|  SSL   |                       |       | Proxy|         | Normal |
| Client | <---------------------------->|      |<------->| Server |
+--------+      Protocol/SSL     |       +------+   /|\   +--------+
                                 |                   |
                              Firewall            Normal 
                                                  Protocol

Stunnel is one such proxy.

-Ekr

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
                  http://www.rtfm.com/
  
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
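
The proxy arrangement in the diagram above, written out as a pair of stunnel configuration files. This is an added example, not part of the original message or of the stunnel distribution. It goes one step beyond the diagram by also running stunnel in client mode, so that neither the database client nor the server needs modification. Assumptions: InterBase listens on its usual TCP port 3050; the host name db.example.com, the TLS port 3051 and all file paths are constructed placeholders.

```ini
; ===== File 1: stunnel on the database host (the "Proxy" box) =====
; Terminates SSL/TLS and passes plaintext to the local server.
[interbase-server]
; Constructed TLS port, the only port opened on the firewall.
accept  = 0.0.0.0:3051
; The unmodified InterBase listener, reached over loopback only.
connect = 127.0.0.1:3050
; Server certificate and private key (placeholder paths).
cert    = /etc/stunnel/db.example.com.pem
key     = /etc/stunnel/db.example.com.key

; ===== File 2: stunnel on each client machine =====
; Accepts plaintext locally and wraps it in SSL/TLS toward the server.
[interbase-client]
client  = yes
; The database client is pointed at 127.0.0.1 instead of the real host.
accept  = 127.0.0.1:3050
connect = db.example.com:3051
; Without these three lines the tunnel is encrypted but the server is
; not authenticated, so an on-path proxy could still read the traffic.
CAfile      = /etc/stunnel/ca.pem
verifyChain = yes
checkHost   = db.example.com
```

Port 3050 on the database host should stay closed to outside networks, so that the plaintext listener is reachable only through the tunnel.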
