For programs that use the MySQL client library (for example, mysql and mysqldump), MySQL supports connections to the server based on several transport protocols: TCP/IP, Unix socket file, named pipe, and shared memory. This section describes how to select these protocols, and how they are similar and different.
For a given connection, if the transport protocol is not
specified explicitly, it is determined implicitly. For example,
localhost result in a socket
file connection on Unix and Unix-like systems, and a TCP/IP
127.0.0.1 otherwise. For
additional information, see Section 4.2.4, “Connecting to the MySQL Server Using Command Options”.
To specify the protocol explicitly, use the
--protocol command option. The
following table shows the permissible values for
--protocol and indicates the
applicable platforms for each value. The values are not
||Transport Protocol Used||Applicable Platforms|
||Unix socket file||Unix and Unix-like systems|
TCP/IP transport supports connections to local or remote MySQL servers.
Socket-file, named-pipe, and shared-memory transports support connections only to local MySQL servers. (Named-pipe transport does allow for remote connections, but this capability is not implemented in MySQL.)
If the transport protocol is not specified explicitly,
localhost is interpreted as follows:
On Unix and Unix-like systems, a connection to
localhostresults in a socket-file connection.
Otherwise, a connection to
localhostresults in a TCP/IP connection to
If the transport protocol is specified explicitly,
localhost is interpreted with respect to that
protocol. For example, with
--protocol=TCP, a connection to
localhost results in a TCP/IP connection to
127.0.0.1 on all platforms.
TCP/IP and socket-file transports are subject to TLS/SSL encryption, using the options described in Command Options for Encrypted Connections. Named-pipe and shared-memory transports are not subject to TLS/SSL encryption.
A connection is secure by default if made over a transport protocol that is secure by default. Otherwise, for protocols that are subject to TLS/SSL encryption, a connection may be made secure using encryption:
TCP/IP connections are not secure by default, but can be encrypted to make them secure.
Socket-file connections are secure by default. They can also be encrypted, but encrypting a socket-file connection makes it no more secure and increases CPU load.
Named-pipe connections are not secure by default, and are not subject to encryption to make them secure. However, the
named_pipe_full_access_groupsystem variable is available to control which MySQL users are permitted to use named-pipe connections.
Shared-memory connections are secure by default.
Per the preceding remarks, connections that use TCP/IP encrypted using TLS/SSL, a socket file, or shared memory are secure connections. TCP/IP connections not encrypted using TLS/SSL and named-pipe connections are not secure.
system variable is enabled, the server permits only connections
that use some form of secure transport.
All transport protocols are subject to use of compression on the traffic between the client and server. If both compression and encryption are used for a given connection, compression occurs before encryption. For more information, see Section 4.2.6, “Connection Compression Control”.