PYODBC + MS SQL SERVER 连接与 Encrypt=yes 未连接
[英]PYODBC + MS SQL SERVER connection with Encrypt=yes not connecting
问题描述
We have a python flask app running on an aws centos ECS instance.
我们有一个 python flask 应用程序在 aws centos ECS 实例上运行。 We are trying to establish an encrypted connection to our database via PYODBC with odbc 17 on Linux.我们正在尝试通过 PYODBC 与 Linux 上的 odbc 17 建立与数据库的加密连接。 When running locally we just use the SQL server driver.在本地运行时,我们只使用 SQL 服务器驱动程序。 Currently we have the code:目前我们有代码:
params = urllib.parse.quote_plus(driver;server;user;pwd;...;Encrypt=yes)
SQLALCHEMY_DATABASE_URI="mssql+PYODBC:///?odbc_connect=%s" %params
We have tls enabled on the server.我们在服务器上启用了 tls。 The connection works locally on windows but not deployed in Linux.该连接在 windows 本地工作,但未部署在 Linux 中。 Currently doing a deployment with 'yes' instead of 'true'.目前使用“yes”而不是“true”进行部署。 We are also about to try with 'trustedserverconnection=yes'.我们还将尝试使用“trustedserverconnection=yes”。 Any insight on this process would be greatly appreciated!对此过程的任何见解将不胜感激!
Update: latest error, invalid connection string attribute 'trustservercertificate'更新:最新错误,无效的连接字符串属性 'trustservercertificate'
2 个解决方案
解决方案1
1 已采纳 2020-06-18 14:39:21
We ended up implementing a second connection param:我们最终实现了第二个连接参数:
TrustServerCertificate=YES
Which is not ideal, obviously, because we want to have good security implementation practices.显然,这并不理想,因为我们希望有良好的安全实施实践。 In future state we will need to set this to false and put our ssl pem file in the Linux ssl store. In future state we will need to set this to false and put our ssl pem file in the Linux ssl store.
Hope this helps someone.希望这可以帮助某人。 Had some issues finding documentation for pyodbc with MS SQL Server.在使用 MS SQL 服务器查找 pyodbc 文档时遇到了一些问题。
解决方案2
0 2021-07-23 21:48:41
According to this documentation , pyodbc passes the connection string through to the underlying ODBC driver.根据此文档,pyodbc 将连接字符串传递给底层 ODBC 驱动程序。 Microsoft's article Using Connection String Keywords with SQL Server Native Client documents both the Encrypt and TrustServerCertificate attributes. Microsoft 的文章Using Connection String Keywords with SQL Server Native Client记录了Encrypt和TrustServerCertificate属性。 The TrustServerCertificate setting should generally be avoided in production databases; TrustServerCertificate设置通常应在生产数据库中避免; however, it is very useful when testing encrypted connections to a development database that is using a self-signed certificate.但是,在测试与使用自签名证书的开发数据库的加密连接时,它非常有用。 For example, the default installation of SQL Server uses a self-signed certificate and will require this setting.例如,SQL 服务器的默认安装使用自签名证书,并且需要此设置。
In my mssql+pyodbc connection strings I just append ?Encrypt=yes&TrustServerCertificate=yes as appropriate.在我的mssql+pyodbc连接字符串中,我只是 append ?Encrypt=yes&TrustServerCertificate=yes视情况而定。 Please note, if you already have another setting after a question mark ?请注意,如果您在问号后已有其他设置? then use & instead of ?然后使用&代替? , for example: ?Trusted_Connection=yes&Encrypt=yes&TrustServerCertificate=yes ,例如: ?Trusted_Connection=yes&Encrypt=yes&TrustServerCertificate=yes
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.