I have a remote client computer placed in a server center belonging to an entity that must also own the root of the client computer in accordance with industry regulations. The client machine runs a C ++ program that uses
libmysqlclient.so and periodically polls a MySQL server in my office via the Internet.
Because the data is extremely sensitive, I need to protect this data from disclosure during the data transfer process. Nobody is trusted in the host, including its owner who owns the root of the client machine.
At first, the
JSON The format of the C ++ program configuration database contains an explicit IP address, port, user, and password. Anyone with the root can read them and use them to connect to our server from the client machine. As the IP address and the port must be disclosed to the host owner who manages the intranet, gateway and firewall in accordance with the regulations, I replace the user and the password by encrypted strings in the configuration and the C ++ program will decrypt them at startup to get the desired result. real user and password to connect to the server.
However, the root user can replace
libmysqlclient.so in the system with a modified version so that the user and the password are printed when establishing a connection. Then I change the C ++ program to static link to
libmysqlclient.a at the time of compilation.
However, the transferred data is still in the clear. I'm therefore activating SSL on the MySQL server and modifying the user as
REQUIRE SSL. So, the attack by the middle man is not supposed to be easy.
For SSL to work, I also need to put ca, client-cert, and client-key files on the client machine. I am wondering if the host owner can capture the encrypted traffic transferred and use these files to decrypt the data without knowing the user name and password of the database.
In addition, is there an obvious vulnerability on the client side after all these configurations? Suppose the network structure and the use of MySQL are not changed.