Hi we have an environment that has two servers at Amazon AWS.
We’re hoping to keep the EE database on another server but we need to access via SSL to remain HIPAA compliant.
Is this possible with EE config items or do I have to hack core files with mysqli_ssl_set or are there any other options?
We’re currently using EE 2.10.1.
Thanks
Since you are at AWS why don’t you use the AWS RDS service? This is what we do for our clients and it is even MORE secure than using SSL (because it sits inside your VPN thru a special path AWS makes).
If you really want to use SSL it is possible, however, it takes hacking the core files to make it happen and we don’t recommend that (that is to do it directly with EE2). You could always use a proxy ‘middleman’ to do it, however, I suggest you use AWS’s RDS as this is very HIPAA compliant.
There is a post in here somewhere (from me - no less) on how to do the SSL hacking for EE2 - but it is years old (maybe archived by now) and was for an earlier version, however, I doubt EE2 has changed enough to make the method not viable.
On v2 you should be able to specify the port with the hostname needed to connect to the database for a secure connection on your network. In v3 you’d just add a port
key to your database configuration array in your config file. That said, I tend to agree with JT, if you’re already on AWS, why not use AWS RDS? It sounds like on top of your security issues you could be introducing high latency to the database which would severely degrade application performance.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.