Connect securely to MSSQL from PHP using encryption?
1 answer
There are 3 things that are important when implementing a secure (encrypted) connection to MSSQL:
- Parameters `Encrypt` and `TrustServerCertificate` are often used together.
- By default, SQL Server installs a self-signed certificate that it will use to encrypt connections - the signed certificate itself is open to attacks. Therefore, it should be replaced with one from a certification authority (CA).
- After replacing the certificate, you then set `Encrypt = true` and `TrustServerCertificate = false` (`TrustServerCertificate = true` will also work, but then your connection will be vulnerable to attacks).
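Example code from the article:
```php
<?php
$serverName = "serverName";
$connectionInfo = array(
    "Database" => "DbName",
    "UID" => "UserName",
    "PWD" => "Password",
    "Encrypt" => true,                  // encrypt the connection
    "TrustServerCertificate" => false   // validate the server certificate
);
$conn = sqlsrv_connect($serverName, $connectionInfo);
if ($conn === false) {
    // Connection errors, including certificate validation failures, are reported here.
    error_log(print_r(sqlsrv_errors(), true));
}
```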
If you are using PDO, create an object and pass the appropriate parameters. A more detailed explanation can be found in the following article:
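The PDO form of the connection mentioned in the answer above, as an added example that is not part of the original answer or the linked article. It assumes the `pdo_sqlsrv` driver is installed; the host name, database and credentials are constructed placeholders, and the helper function names are hypothetical. After connecting, it asks the server whether the session is actually encrypted.

```php
<?php
declare(strict_types=1);

// Added example: server name, database and credentials are placeholders.
function buildSqlsrvDsn(string $server, string $database): string
{
    // Encrypt=true turns on TLS; TrustServerCertificate=false makes the driver
    // validate the certificate chain and match the name given in Server=
    // against the certificate, so use the host name the certificate was issued for.
    return sprintf(
        'sqlsrv:Server=%s;Database=%s;Encrypt=true;TrustServerCertificate=false',
        $server,
        $database
    );
}

function connectEncrypted(string $server, string $database, string $user, string $password): PDO
{
    $pdo = new PDO(buildSqlsrvDsn($server, $database), $user, $password, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);

    // Server-side confirmation for the current session. Reading this view
    // normally requires the VIEW SERVER STATE permission.
    $row = $pdo->query(
        'SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID'
    )->fetch(PDO::FETCH_ASSOC);

    if ($row === false || strtoupper((string) $row['encrypt_option']) !== 'TRUE') {
        throw new RuntimeException('SQL Server reports this session as unencrypted');
    }

    return $pdo;
}

try {
    $pdo = connectEncrypted('sql.example.internal', 'DbName', 'UserName', 'Password');
    echo "Encrypted connection established\n";
} catch (RuntimeException $e) {
    // PDOException extends RuntimeException, so a failed certificate
    // validation and a failed encryption check both end up here.
    error_log('SQL Server connection rejected: ' . $e->getMessage());
    exit(1);
}
```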