Connect securely to MSSQL from PHP using encryption?

Question

Connect securely to MSSQL from PHP using encryption?

I need to connect to MSSQL database from PHP. However, since the server at the remote host is connected, I require the connection to be encrypted.

Is it possible to encrypt the connection to the MSSQL server using just the mssql PHP extension or alternatively PDO?

+3

php sql-server pdo

Erik Feb 19 13 at 14:09

source to share

1 answer

am_ · Accepted Answer · 2013-02-19T14:17:44+0000

There are 3 things that are important when implementing a secure (encrypted) connection to MSSQL:

Parameters Encrypt

and TrustServerCertificate

are often used together.
By default, SQL Server installs a self-signed certificate that it will use to encrypt connections - the signed certificate itself is open to attacks. Therefore, it should be replaced with one from a certification authority (CA).
After replacing the certificate, you then install Encrypt = true

and TrustServerCertificate = false

( TrustServerCertificate = true

will also work, but then your connection will be vulnerable to attacks)

Example code from article * 1:

$serverName = "serverName";
$connectionInfo = array( "Database"=>"DbName",
                         "UID"=>"UserName",
                         "PWD"=>"Password",
                         "Encrypt"=>true,
                         "TrustServerCertificate"=>false);
$conn = sqlsrv_connect( $serverName, $connectionInfo);

If you are using PDO, create an object and pass the appropriate parameters. A more detailed explanation can be found in the following article:

* 1 - http://blogs.msdn.com/b/brian_swan/archive/2011/03/08/sql-server-driver-for-php-connection-options-encrypt.aspx

Connect securely to MSSQL from PHP using encryption?

More articles: