How to use MySQL for encrypted communication in Go language
As information security issues become increasingly prominent, encrypted communication has become a basic technology in the modern computer field. When using Go language for web development, MySQL database is a commonly used data storage solution. To ensure the security of sensitive data, we need to use encrypted communications to protect confidentiality and integrity during data transmission. This article will introduce how to use MySQL for encrypted communication in Go language.
Encrypt MySQL connection using SSL/TLS protocol
MySQL supports using SSL/TLS protocol to encrypt the connection. The SSL/TLS protocol is a secure transmission protocol widely used on the Internet to ensure that data is protected during transmission. To use SSL/TLS to encrypt a MySQL connection, you need to enable the SSL/TLS function of the MySQL server first, and then specify the use of the SSL/TLS protocol when the client connects.
The following is how to enable SSL/TLS on the MySQL server:
- Generate the server certificate and private key
Use the following command to generate the server SSL certificate and private key:
openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout server-key.pem -out server-cert.pem
This command will generate a private key file named server-key.pem and a file named server-cert in the current directory. Certificate file of pem.
- Copy the certificate and private key to the specified directory on the MySQL server
Modify the my.cnf configuration file on the MySQL server and specify the service The paths to the client certificate and private key files are as follows:
[mysqld] ssl-cert=/path/to/server-cert.pem ssl-key=/path/to/server-key.pem
- Restart the MySQL server
Restart the MySQL server to make the configured SSL/TLS certificate and private key take effect .
When the client connects to the MySQL server, it needs to specify the SSL/TLS protocol. When using the mysql command line client, you can use the following command to connect:
mysql --ssl-mode=REQUIRED --ssl-ca=/path/to/server-cert.pem --ssl-cert=/path/to/client-cert.pem --ssl-key=/path/to/client-key.pem -h your-mysql-hostname -u username -p
Among them, the --ssl-mode parameter specifies the type of SSL/TLS connection, REQUIRED indicates that the SSL/TLS protocol must be used to connect. The --ssl-ca parameter specifies the MySQL server's certificate, and the --ssl-cert and --ssl-key parameters specify the client's certificate and private key. The -h parameter specifies the host name of the MySQL server.
To use the SSL/TLS protocol to connect to the MySQL server in the Go language, you can use the officially provided MySQL driver github.com/go-sql-driver/mysql. When connecting to the MySQL server, you need to specify the SSL/TLS protocol connection. The code is as follows:
db, err := sql.Open("mysql", "user:password@tcp(hostname:port)/dbname?tls=true&tls-ca=path/to/server-cert.pem&tls-cert=path/to/client-cert.pem&tls-key=path/to/client-key.pem") Among them, the tls=true parameter indicates enabling SSL/TLS encryption, tls The -ca parameter specifies the certificate of the MySQL server, and the tls-cert and tls-key parameters specify the client's certificate and private key.
Use encrypted password to connect to MySQL
In Go language, you can use github.com/go-sql-driver/mysql driverNewCipher()Function encrypts the password. When connecting to the MySQL server, an encrypted password will be used to connect.
The following is a code example for connecting to MySQL using an encrypted password:
import (
"crypto/aes"
"crypto/cipher"
"database/sql"
"fmt"
mysql "github.com/go-sql-driver/mysql"
"strconv"
)
func main() {
// MySQL服务器配置
cfg := mysql.NewConfig()
cfg.User = "root"
cfg.Passwd = "password" // 原始密码
cfg.Addr = "hostname:port"
cfg.DBName = "dbname"
// 加密密码
key := []byte("0123456789abcdef") // 密钥
plaintext := []byte(cfg.Passwd) // 原始密码
block, _ := aes.NewCipher(key)
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
for i := range iv {
iv[i] = byte(i)
}
cfb := cipher.NewCFBEncrypter(block, iv)
cfb.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
cfg.Passwd = fmt.Sprintf("%x", ciphertext) // 加密后的密码
// 连接MySQL服务器
db, err := sql.Open("mysql", cfg.FormatDSN())
if err != nil {
fmt.Println(err)
return
}
defer db.Close()
// 执行SQL语句
rows, err := db.Query("SELECT * FROM tablename")
if err != nil {
fmt.Println(err)
return
}
defer rows.Close()
// 输出结果
cols, _ := rows.Columns()
data := make([][]byte, len(cols))
pointers := make([]interface{}, len(cols))
for i := range data {
pointers[i] = &data[i]
}
for rows.Next() {
rows.Scan(pointers...)
for i := range data {
fmt.Print(string(data[i]), " ")
}
fmt.Println()
}
}In the code, first use the NewConfig() function to create a MySQL server configuration object and set the user name , password, host name, port number and database name. Then use the NewCipher() function to create the AES encrypted key and cipher. After encrypting the original password, use the encrypted password to connect to the MySQL server.
Using an encrypted password to connect to the MySQL server can avoid being eavesdropped on the plaintext password during network transmission, and can prevent hackers from using dictionary attacks and other methods to crack the password.
Summary
This article introduces the method of using MySQL for encrypted communication in Go language. Data confidentiality and integrity can be ensured by encrypting MySQL connections using the SSL/TLS protocol and using encrypted passwords to connect to the MySQL server. In practical applications, appropriate encryption methods should be selected based on actual conditions to ensure the security of sensitive data.
The above is the detailed content of How to use MySQL for encrypted communication in Go language. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1359
52
How to safely read and write files using Golang?
Jun 06, 2024 pm 05:14 PM
Reading and writing files safely in Go is crucial. Guidelines include: Checking file permissions Closing files using defer Validating file paths Using context timeouts Following these guidelines ensures the security of your data and the robustness of your application.
How to fix mysql_native_password not loaded errors on MySQL 8.4
Dec 09, 2024 am 11:42 AM
One of the major changes introduced in MySQL 8.4 (the latest LTS release as of 2024) is that the "MySQL Native Password" plugin is no longer enabled by default. Further, MySQL 9.0 removes this plugin completely. This change affects PHP and other app
Golang framework vs. Go framework: Comparison of internal architecture and external features
Jun 06, 2024 pm 12:37 PM
The difference between the GoLang framework and the Go framework is reflected in the internal architecture and external features. The GoLang framework is based on the Go standard library and extends its functionality, while the Go framework consists of independent libraries to achieve specific purposes. The GoLang framework is more flexible and the Go framework is easier to use. The GoLang framework has a slight advantage in performance, and the Go framework is more scalable. Case: gin-gonic (Go framework) is used to build REST API, while Echo (GoLang framework) is used to build web applications.
The page is blank after PHP is connected to MySQL. What is the reason for the invalid die() function?
Apr 01, 2025 pm 03:03 PM
The page is blank after PHP connects to MySQL, and the reason why die() function fails. When learning the connection between PHP and MySQL database, you often encounter some confusing things...
What are the vulnerabilities of Debian OpenSSL
Apr 02, 2025 am 07:30 AM
OpenSSL, as an open source library widely used in secure communications, provides encryption algorithms, keys and certificate management functions. However, there are some known security vulnerabilities in its historical version, some of which are extremely harmful. This article will focus on common vulnerabilities and response measures for OpenSSL in Debian systems. DebianOpenSSL known vulnerabilities: OpenSSL has experienced several serious vulnerabilities, such as: Heart Bleeding Vulnerability (CVE-2014-0160): This vulnerability affects OpenSSL 1.0.1 to 1.0.1f and 1.0.2 to 1.0.2 beta versions. An attacker can use this vulnerability to unauthorized read sensitive information on the server, including encryption keys, etc.
How to register for Bitstamp exchange pro? Is it safe? Is it formal?
Aug 13, 2024 pm 06:36 PM
How to register BitstampPro? Visit the BitstampPro website. Fill in your personal information and email address. Create a password and accept the terms. Verify email address. Is BitstampPro safe? Authentication required. Enforce the use of two-factor authentication. Most assets are stored in cold storage. Use HTTPS to encrypt communication. Conduct regular security audits. Is BitstampPro legitimate? Registered in Luxembourg. Regulated by the Luxembourg Financial Supervisory Committee. Comply with anti-money laundering and know-your-customer regulations.
PHP PDO connection to MySQL database: How does the charset=utf8 setting affect the database character set?
Apr 01, 2025 am 11:39 AM
PHP...
How to efficiently integrate Node.js or Python services under LAMP architecture?
Apr 01, 2025 pm 02:48 PM
Many website developers face the problem of integrating Node.js or Python services under the LAMP architecture: the existing LAMP (Linux Apache MySQL PHP) architecture website needs...
