如何使用PHP / PDO从Ubuntu创建到SQL Server的加密连接
[英]How to create an encrypted connection to SQL Server from Ubuntu using PHP/PDO
问题描述
I'm trying to connect to an SQL Server from a PHP/Zend Framework application running on Ubuntu and at a remote location. 
我正在尝试从在Ubuntu上运行的PHP / Zend Framework应用程序和远程位置连接到SQL Server。
I'm trying to get the connecting application to request encryption from the SQL Server (since the default connection on 1433 is in the clear, and I don't want my credentials being sniffed). 我正在尝试让连接应用程序从SQL Server请求加密(因为1433上的默认连接是明确的,我不希望我的凭据被嗅探)。
I've configured the wildcard SSL certificate on the SQL Server, and I'm creating a PDO connection with the following DSN: 我在SQL Server上配置了通配符SSL证书,我正在使用以下DSN创建PDO连接:
dblib:host=server-not-matching-domain.com:1433;dbname=MyDB;Encrypt=true;TrustServerCertificate=false;charset=
Taken from http://blogs.msdn.com/b/brian_swan/archive/2011/03/08/sql-server-driver-for-php-connection-options-encrypt.aspx 来自http://blogs.msdn.com/b/brian_swan/archive/2011/03/08/sql-server-driver-for-php-connection-options-encrypt.aspx
Since the host name doesn't match the installed certificate, I'd expect the connection to fail - but it doesn't fail. 由于主机名与安装的证书不匹配,我希望连接失败 - 但它不会失败。
3 个解决方案
解决方案1
1 2017-02-12 14:37:42
Might it be that Encrypt=true;TrustServerCertificate are not taken under consideration at all? 可能是Encrypt=true;TrustServerCertificate根本没有被考虑? Without being an expert on this please check out the documentation in PHP regarding PDO_DBLIB DSN . 如果不是专家,请查看PHP中有关PDO_DBLIB DSN的文档。 As written there is a special parameter in the DSN that is called secure and is currently unused. 如上所述,DSN中有一个特殊参数,称为secure且当前未使用。 I am not sure if this is supposed to be the correct way of declaring that you want a secure connection in this DSN and it is also not helpful at all the fact that it is tagged as unused . 我不确定这是否应该是声明您希望在此DSN中建立安全连接的正确方法,并且它在标记为unused情况下也没有帮助。
In addition also do the following 另外还要做以下事情
In php.ini make sure the following is set: mssql.secure_connection = On
Have a look if connecting via PDO_ODBC is better for what you want to achieve. 看看通过PDO_ODBC连接是否更适合您想要实现的目标。 For connecting via PDO_ODBC check out this example 要通过PDO_ODBC进行连接, PDO_ODBC查看此示例
解决方案2
0 2017-02-13 18:22:27
try to install AES ENCRYPTION CERTIFICATE it's the best i have used to protect credentials from being sniffed 尝试安装AES ENCRYPTION CERTIFICATE这是我用来保护凭证免受嗅探的最好方法
dblib:host=server-not-matching-domain.com:1433;dbname=MyDB;Encrypt=true;TrustServerCertificate=true;charset=utf8
make the default value true of ssl crtificate in php.ini file and then procede with AES 在php.ini文件中使ssl crtificate的默认值为true,然后使用AES进行处理
解决方案3
-2 2017-02-10 14:15:52
It is a more complicated than just setting up a flag. 这比设置一个标志更复杂。
Refer this blog: http://www.madirish.net/214 请参阅此博客: http : //www.madirish.net/214
- You will have to create or install ssl certificate on mysql server. 您必须在mysql服务器上创建或安装ssl证书。
in my.cnf do the below settings:
在my.cnf中进行以下设置: ssl-ca=/etc/ssl/mysql/server.csr
SSL的CA =的/ etc / SSL / MySQL的/ server.csr
ssl-cert=/etc/ssl/mysql/server.certSSL证书=的/ etc / SSL / MySQL的/ server.cert
ssl-key=/etc/ssl/mysql/server.keySSL的密钥=的/ etc / SSL / MySQL的/ server.key restart mysql :
mysqld restart重启mysql: mysqld restartCreate client keys
创建客户端密钥 Send those keys along with username and password.
将这些密钥与用户名和密码一起发送。
Following stackoverflow answers explain it in detail: 以下stackoverflow答案详细说明:
Connect to remote MySQL server with SSL from PHP 使用PHP从SSL连接到远程MySQL服务器
PHP to MySQL SSL Connections PHP到MySQL的SSL连接
Hope it helps. 希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.