-
Improvement
-
Resolution: Fixed
-
Major
-
3.0.4
-
Any
-
MOODLE_30_STABLE
-
MOODLE_403_STABLE
-
MDL-54704-db-ssl -
Easy
-
Currently, moodle does not have SSL-support for the connection to a database for any of the supported DBMS.
This might be unproblematic for moodle and database running on the same server.
However, using separate servers, which is necessary for bigger moodle instances, allows potential man in the middle attacks.
The added patch allows a connection to a postgres database using ssl. To test this the dboptions in the config.php has to extended by the sslmodeoption. For example:
$CFG->dboptions = array(
'dbpersist' => false,
'dbsocket' => false,
'dbport' => 5432,
'sslmode' => 'require'
);
In this way the postgres connection can support any sslmode (see http://www.postgresql.org/docs/15/static/libpq-ssl.html).
Additonally, no existing moodle instance is forced to you ssl.
The sslmode dboption could be reused for other DBMS. There is an old issue for the same problem for MySQL: MDL-50780
- caused a regression
-
MDL-81457 Test 'core\pgsql_native_moodle_database_test::test_ssl_connection' marked as incomplete (should be skipped)
- Closed
- has a non-specific relationship to
-
MDL-50780 MySQL SSL-based database connections require require updating the Moodle's core code
- Closed
- has been marked as being related by
-
MDL-69581 Azure hosted MariaDB and MySQL instances report the wrong version number
- Closed