I have the main Piwik database running on a remote MySQL box from my web servers. The users on the box require MySQL over SSL. Does anyone know how to enable this with Piwik? Basically how do I tell the connection to use SSL and pass it our certificate?
For example, using shell I must pass the cert to get a valid connection:
mysql -uuser -p–ssl-ca=/certs/mysql-cert.pem -hremotehostsomwhere.com
The config file for Piwik doesn’t allow me to pass the cert, so I get connection errors. I wasn’t sure where to look to edit the main connection string.
If I understand it correctly, lack of this option means that Piwik is passing database passwords in clear-text, unencrypted at the moment whenever the database is on a different server than Piwik. Are there know workarounds?
If you look into the pull request, the changes that would need to be made aren’t that many. You could try out manually applying them and testing if it works correctly.
Thank you, Lukas. I think this is my best option, even if it means having to keep patching Piwik after every version update.
I am a little surprised that this issue has not been prioritised earlier on. In some environments it would be considered a significant security vulnerability.
I wish I had the skills for creating the tests that apparently held up this otherwise useful piece of work from becoming part of Piwik accepted core. I wonder if creating those tests is so hard that no one on the Piwik team is capable of doing them. Maybe a clear, step-by-step guide how to create such tests would help?
In any case, many thanks for your kind comments, which are much appreciated.
I tried modifying those files mentioned in the pull request still I wasn’t make successful DB connections with SSL. I am running the piwik v 3.2.0. I added enable_ssl = true and mentioned by ca file in ssl_ca in config.ini.php. no luck.