We are hosting our own Jira Server and will make it public; my users will be connecting via SSL. My question is if I need to worry about making sure Jira and Confluence are using an SSL connection to mysql? Jira, Confluence, and mysql are all on the same server.
I would configure MySQL to bind to 127.0.0.1 only. Then point each application to 127.0.0.1 to connect to the DB.
In order for someone to intercept the DB traffic this way, they would need to be logged in to the server. If an attacker has gotten that far, you probably have bigger problems to worry about, so I wouldn't bother encrypting that DB traffic. :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.