[英]How to create an encrypted connection to SQL Server from Ubuntu using PHP/PDO
I'm trying to connect to an SQL Server from a PHP/Zend Framework application running on Ubuntu and at a remote location. 我正在尝试从在Ubuntu上运行的PHP / Zend Framework应用程序和远程位置连接到SQL Server。
I'm trying to get the connecting application to request encryption from the SQL Server (since the default connection on 1433 is in the clear, and I don't want my credentials being sniffed). 我正在尝试让连接应用程序从SQL Server请求加密(因为1433上的默认连接是明确的,我不希望我的凭据被嗅探)。
I've configured the wildcard SSL certificate on the SQL Server, and I'm creating a PDO connection with the following DSN: 我在SQL Server上配置了通配符SSL证书,我正在使用以下DSN创建PDO连接:
dblib:host=server-not-matching-domain.com:1433;dbname=MyDB;Encrypt=true;TrustServerCertificate=false;charset=
Taken from http://blogs.msdn.com/b/brian_swan/archive/2011/03/08/sql-server-driver-for-php-connection-options-encrypt.aspx 来自http://blogs.msdn.com/b/brian_swan/archive/2011/03/08/sql-server-driver-for-php-connection-options-encrypt.aspx
Since the host name doesn't match the installed certificate, I'd expect the connection to fail - but it doesn't fail. 由于主机名与安装的证书不匹配,我希望连接失败 - 但它不会失败。
Might it be that Encrypt=true;TrustServerCertificate
are not taken under consideration at all? 可能是
Encrypt=true;TrustServerCertificate
根本没有被考虑? Without being an expert on this please check out the documentation in PHP regarding PDO_DBLIB DSN
. 如果不是专家,请查看PHP中有关
PDO_DBLIB DSN
的文档。 As written there is a special parameter in the DSN that is called secure
and is currently unused. 如上所述,DSN中有一个特殊参数,称为
secure
且当前未使用。 I am not sure if this is supposed to be the correct way of declaring that you want a secure connection in this DSN and it is also not helpful at all the fact that it is tagged as unused
. 我不确定这是否应该是声明您希望在此DSN中建立安全连接的正确方法,并且它在标记为
unused
情况下也没有帮助。
In addition also do the following 另外还要做以下事情
In php.ini make sure the following is set: mssql.secure_connection = On
在php.ini中,确保设置以下内容: mssql.secure_connection = On
Have a look if connecting via PDO_ODBC
is better for what you want to achieve. 看看通过
PDO_ODBC
连接是否更适合您想要实现的目标。 For connecting via PDO_ODBC
check out this example 要通过
PDO_ODBC
进行连接, PDO_ODBC
查看此示例
try to install AES ENCRYPTION CERTIFICATE it's the best i have used to protect credentials from being sniffed 尝试安装AES ENCRYPTION CERTIFICATE这是我用来保护凭证免受嗅探的最好方法
dblib:host=server-not-matching-domain.com:1433;dbname=MyDB;Encrypt=true;TrustServerCertificate=true;charset=utf8
make the default value true of ssl crtificate in php.ini file and then procede with AES 在php.ini文件中使ssl crtificate的默认值为true,然后使用AES进行处理
It is a more complicated than just setting up a flag. 这比设置一个标志更复杂。
Refer this blog: http://www.madirish.net/214 请参阅此博客: http : //www.madirish.net/214
in my.cnf do the below settings: 在my.cnf中进行以下设置:
ssl-ca=/etc/ssl/mysql/server.csr SSL的CA =的/ etc / SSL / MySQL的/ server.csr
ssl-cert=/etc/ssl/mysql/server.cert SSL证书=的/ etc / SSL / MySQL的/ server.cert
ssl-key=/etc/ssl/mysql/server.key SSL的密钥=的/ etc / SSL / MySQL的/ server.key
restart mysql : mysqld restart
重启mysql:
mysqld restart
Create client keys 创建客户端密钥
Send those keys along with username and password. 将这些密钥与用户名和密码一起发送。
Following stackoverflow answers explain it in detail: 以下stackoverflow答案详细说明:
Connect to remote MySQL server with SSL from PHP 使用PHP从SSL连接到远程MySQL服务器
PHP to MySQL SSL Connections PHP到MySQL的SSL连接
Hope it helps. 希望能帮助到你。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.