Hi. We have our Django app set up such that it now works locally and on our development apache http server. Both of these connect to an Ubuntu MySQL server. When on the development server, Django securely connects to the db server via https. Locally, it only uses http. Is there a best practice to make sure db transmissions when developing locally are secure? Should we use an SSH tunnel? Make certificates and do SSL from local as well? Would love to hear thoughts on a best practice for this use case. Thanks!
A db client (here, your Django app) and a MySQL server do not talk through the http(s) protocol, so I do not know what you mean here.
If you want your MySQL server to use encrypted connections with clients, you may have a look at https://dev.mysql.com/doc/refman/8.0/en/encrypted-connections.html to configure your MySQL server.
This Stack Overflow thread will give you some hints for configuration of your database connection options on the Django side: How to connect Django to a MySQL database over an SSL connection? - Stack Overflow.
But whether you must use encrypted connections between your app and MySQL server depends on the security context of your infrastructure (ability for an attacker to access your network, …) and the sensitivity of data exchanged between the database and your app.
I do not know what you mean by locally, but if this stands for a developer’s environment doing some tests, I would expect her/him to work with fake data (not production data), so having to configure a TLS connection in such a case looks cumbersome. But, again, that depends on the data you are working with.
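An added example, not part of either post above: one way to build the Django `DATABASES` entry so that TLS options are set whenever the MySQL host is remote, plus a check that flags remote entries without them and a query that confirms the session is encrypted. The `DB_*` variable names and the helper names are hypothetical; the `ssl` and `ssl_mode` keys are passed by Django to mysqlclient and assume a version that supports `ssl_mode`.

```python
import ipaddress

def is_local(host):
    """True when traffic stays on the machine: Unix socket or loopback."""
    if host in ("", "localhost") or host.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote

def mysql_settings(env):
    """Build one DATABASES entry from a mapping such as os.environ."""
    db = {
        "ENGINE": "django.db.backends.mysql",
        "NAME": env["DB_NAME"],
        "USER": env["DB_USER"],
        "PASSWORD": env["DB_PASSWORD"],
        "HOST": env.get("DB_HOST", ""),
        "PORT": env.get("DB_PORT", "3306"),
        "OPTIONS": {},
    }
    if not is_local(db["HOST"]):
        # Django hands OPTIONS to mysqlclient's connect().
        # A missing DB_SSL_CA raises KeyError, so a remote host never
        # silently gets a plaintext configuration.
        db["OPTIONS"]["ssl"] = {"ca": env["DB_SSL_CA"]}  # CA that signed the server cert
        db["OPTIONS"]["ssl_mode"] = "VERIFY_CA"  # fail rather than fall back to plaintext
    return db

def unencrypted_aliases(databases):
    """Aliases of MySQL entries that reach a remote host without TLS options."""
    return sorted(
        alias for alias, db in databases.items()
        if db.get("ENGINE", "").endswith("mysql")
        and not is_local(db.get("HOST", ""))
        and not db.get("OPTIONS", {}).get("ssl")
    )

def session_cipher(cursor):
    """TLS cipher of the current session; an empty string means plaintext."""
    cursor.execute("SHOW SESSION STATUS LIKE 'Ssl_cipher'")
    row = cursor.fetchone()
    return row[1] if row else ""
```

In `settings.py` this would be used as `DATABASES = {"default": mysql_settings(os.environ)}`, and `session_cipher(connection.cursor())` can be run from `manage.py shell` to confirm the result.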