Database migration to SSL connection (OJS 3.3.x, Laravel)

Software Support
,
1

Describe the issue or problem
The MariaDB databases of our hosted OJS servers will be migrated to a new server.
In addition (and probably in a second step), our database administrator requires that the DB connection must be over SSL.

I have seen these two old forum posts:
Connect to Database via SSL (old post, closed, refers in a later discussion to OJS 3.3, but is a user-proposed solution).
How to securely connect to remote database server with tls, ssl (unanswered)

@asmecher Are there any plans to implement a configurable SSL connection to the database? I understand that for PKP it is not a high priority to support hosted DBs better, but for universities as ours and other large organisations it’s much better to operate central database servers due to various reasons: support by experienced database administrators, extended support hours, availability (e.g. primary/replica or cluster setup), performance (easier to have a large environment with huge DB cache, CPU cores, disk, ), maintenance , security, clear distribution of responsibilities (DB vs application administration), professionalisation. So, in our case, it is policy that DBs are on central servers.

What application are you using?
OJS 3.3.0-17, MariaDB

2

Hi @mpbraendle,

An example Laravel configuration for SSL-based database connection can be found here:

https://stackoverflow.com/questions/53061182/mysql-connection-over-ssl-with-laravel

OJS maps its own configuration file into the Laravel style here (for 3.4.0) and here (for 3.3.0).

I’m open to PRs to add any required config mappings from config.inc.php to the Laravel DB initialization – but two caveats…

  • This will only apply to Laravel’s database connection, not the old ADODB schema management tools that are still required for upgrades to 3.3.0-x from anything older. I’d rather not add support for SSL-based database connections unless…
    1. It can be done consistently for both types of connections, or
    2. It’s merged only after we remove support for old upgrades, which would be only in the main branch for OJS 3.5.0 and later.
  • Because of the volume of database queries executed by OJS/OMP/OPS (particularly in the submission listing), running a database server outside of the web server will not perform as well. This is a known issue that will be improved somewhat with 3.5.0 and will need future work as well. So I haven’t been quick to encourage adoption of remote database servers with supportive configuration like this.

Regards,
Alec Smecher
Public Knowledge Project Team