Erik
Reputation: 12140
Connecting to MSSQL from PHP securely with encryption?
I need to connect to a MSSQL database from PHP. However, as a server on a remote site is connected, I require the connection to be encrypted.
Is it possible to use encrypt the connection to the MSSQL server using only mssql extension for PHP or alternatively PDO?
Upvotes: 4
Views: 13547
Answers (1)
am_
Reputation: 2418
There is 3 things that are important when implementing a secure (encrypted) connection to MSSQL:
- The options
EncryptandTrustServerCertificateare often used together. - By default the SQL server installs a self-signed certificate that it will use to encrypt connections - the self signed certificate are however open to attacks. So it should be replaced with one from a certificate authority (CA).
- After replacing your certificate, you then set
Encrypt = trueandTrustServerCertificate = false(TrustServerCertificate = truewill also work, but your connection will then be vulnerable to attacks)
Code-example from article *1:
$serverName = "serverName";
$connectionInfo = array( "Database"=>"DbName",
"UID"=>"UserName",
"PWD"=>"Password",
"Encrypt"=>true,
"TrustServerCertificate"=>false);
$conn = sqlsrv_connect( $serverName, $connectionInfo);
If you use PDO create an object and pass the relevant params. For a more detailed explanation please see the following article:
Upvotes: 12
Related Questions
- PHP PDO Connection to SQL Server with integrated security?
- Encrypt password for sql connection in php
- PHP connect to MS SQL with SSL
- Making a secure connection to a SQL database in php
- Encrypting mssql queries
- Ms SQL Encryption and Propel
- Encrypted MySQL Connection using PHP
- PHP PDO encrypted / ssl data layer
- PDO Connect with an encrypted password?
- Creating a Secure Connection to a Server using PHP