For programs that use the MySQL client library (for example, mysql and mysqldump), MySQL supports connections to the server based on several transport protocols: TCP/IP, Unix socket file, named pipe, and shared memory. This section describes how to select these protocols, and how they are similar and different.
For a given connection, if the transport protocol is not
specified explicitly, it is determined implicitly. For example,
localhost result in a socket
file connection on Unix and Unix-like systems, and a TCP/IP
127.0.0.1 otherwise. For
additional information, see Section 6.2.4, “Connecting to the MySQL Server Using Command Options”.
To specify the protocol explicitly, use the
--protocol command option. The
following table shows the permissible values for
--protocol and indicates the
applicable platforms for each value. The values are not
|Transport Protocol Used
|Unix socket file
|Unix and Unix-like systems
TCP/IP transport supports connections to local or remote MySQL servers.
Socket-file, named-pipe, and shared-memory transports support connections only to local MySQL servers. (Named-pipe transport does allow for remote connections, but this capability is not implemented in MySQL.)
If the transport protocol is not specified explicitly,
localhost is interpreted as follows:
On Unix and Unix-like systems, a connection to
localhostresults in a socket-file connection.
Otherwise, a connection to
localhostresults in a TCP/IP connection to
If the transport protocol is specified explicitly,
localhost is interpreted with respect to that
protocol. For example, with
--protocol=TCP, a connection to
localhost results in a TCP/IP connection to
127.0.0.1 on all platforms.
TCP/IP and socket-file transports are subject to TLS/SSL encryption, using the options described in Command Options for Encrypted Connections. Named-pipe and shared-memory transports are not subject to TLS/SSL encryption.
A connection is secure by default if made over a transport protocol that is secure by default. Otherwise, for protocols that are subject to TLS/SSL encryption, a connection may be made secure using encryption:
TCP/IP connections are not secure by default, but can be encrypted to make them secure.
Socket-file connections are secure by default. They can also be encrypted, but encrypting a socket-file connection makes it no more secure and increases CPU load.
Named-pipe connections are not secure by default, and are not subject to encryption to make them secure. However, the
named_pipe_full_access_groupsystem variable is available to control which MySQL users are permitted to use named-pipe connections.
Shared-memory connections are secure by default.
system variable is enabled, the server permits only connections
that use some form of secure transport. Per the preceding
remarks, connections that use TCP/IP encrypted using TLS/SSL, a
socket file, or shared memory are secure connections. TCP/IP
connections not encrypted using TLS/SSL and named-pipe
connections are not secure.
All transport protocols are subject to use of compression on the traffic between the client and server. If both compression and encryption are used for a given connection, compression occurs before encryption. For more information, see Section 6.2.8, “Connection Compression Control”.