I’ve been working a bit with Drupal lately. It’s been pretty popular for people that are looking to get a handle on content management. A typical Drupal is relatively straight forward. In fact, the click-through installer will point changes that need to be made along the way. There are also quite a few people who have written quick reference guides on getting started. One thing that I didn’t find in my many Google searches was a way to setup a Drupal site with SSL. Sure the process for configuring Apache to accept an SSL connection has been documented many times over, but there’s not much information out there on setting up the connection to the database. I’ve always been a strong believer that if the site requires SSL on the frontend, then any connections to the backend must also use SSL. In this case, that means getting the Drupal PHP code the make a MySQL connection to the remote database server using SSL.
The change to introduce SSL is rather simple, and only require modification of two files (at least for version 5.6). The two files are mysql.install.inc and database.mysql.inc in the includes directory. Find this line in each file:
$connection = @mysql_connect($url[‘host’], $url[‘user’], $url[‘pass’], TRUE, 2);
Replace it with the following line:
$connection = @mysql_connect($url[‘host’], $url[‘user’], $url[‘pass’], TRUE, 2050);
The origal value of 2 is equivalent to CLIENT_FOUND_ROWS. Adding MYSQL_CLIENT_SSL to the mix is 2050. 2+2048=2050. As I said, it’s a simple change. Also when setting up access to the database, it’s also a good idea to append REQUIRE SSL to the GRANT statement. This will force the client to connect will SSL and ensure that there are no uncrypted database connections.