For programs that use the MySQL client library (for example, mysql and mysqldump), MySQL supports connections to the server based on several transport protocols: TCP/IP, Unix socket file, named pipe, and shared memory. This section describes how to select these protocols, and how they are similar and different.
For a given connection, if the transport protocol is not
specified explicitly, it is determined implicitly. For example,
connections to localhost
result in a socket
file connection on Unix and Unix-like systems, and a TCP/IP
connection to 127.0.0.1
otherwise. For
additional information, see Section 4.2.4, “Connecting to the MySQL Server Using Command Options”.
To specify the protocol explicitly, use the
--protocol
command option. The
following table shows the permissible values for
--protocol
and indicates the
applicable platforms for each value. The values are not
case-sensitive.
--protocol Value |
Transport Protocol Used | Applicable Platforms |
---|---|---|
TCP |
TCP/IP | All |
SOCKET |
Unix socket file | Unix and Unix-like systems |
PIPE |
Named pipe | Windows |
MEMORY |
Shared memory | Windows |
TCP/IP transport supports connections to local or remote MySQL servers.
Socket-file, named-pipe, and shared-memory transports support connections only to local MySQL servers. (Named-pipe transport does allow for remote connections, but this capability is not implemented in MySQL.)
If the transport protocol is not specified explicitly,
localhost
is interpreted as follows:
On Unix and Unix-like systems, a connection to
localhost
results in a socket-file connection.Otherwise, a connection to
localhost
results in a TCP/IP connection to127.0.0.1
.
If the transport protocol is specified explicitly,
localhost
is interpreted with respect to that
protocol. For example, with
--protocol=TCP
, a connection to
localhost
results in a TCP/IP connection to
127.0.0.1
on all platforms.
TCP/IP and socket-file transports are subject to TLS/SSL encryption, using the options described in Command Options for Encrypted Connections. Named-pipe and shared-memory transports are not subject to TLS/SSL encryption.
A connection is secure by default if made over a transport protocol that is secure by default. Otherwise, for protocols that are subject to TLS/SSL encryption, a connection may be made secure using encryption:
TCP/IP connections are not secure by default, but can be encrypted to make them secure.
Socket-file connections are secure by default. They can also be encrypted, but encrypting a socket-file connection makes it no more secure and increases CPU load.
Named-pipe connections are not secure by default, and are not subject to encryption to make them secure. However, the
named_pipe_full_access_group
system variable is available to control which MySQL users are permitted to use named-pipe connections.Shared-memory connections are secure by default.
If the require_secure_transport
system variable is enabled, the server permits only connections
that use some form of secure transport. Per the preceding
remarks, connections that use TCP/IP encrypted using TLS/SSL, a
socket file, or shared memory are secure connections. TCP/IP
connections not encrypted using TLS/SSL and named-pipe
connections are not secure.
All transport protocols are subject to use of compression on the traffic between the client and server. If both compression and encryption are used for a given connection, compression occurs before encryption. For more information, see Section 4.2.6, “Connection Compression Control”.