I'm connecting to MS SQL Server 2014 via PHP and sql_srv:
<?php
$serverName = "SQLEXPRESS";
$connectionInfo = array( "Database"=>"TDB", "UID"=>"TEST", "PWD"=>"1234");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
?>
As you can see, password stored just in a plain text. So if somebody will access to php file with this connection info they will gain root-access to my DB. How I can encrypt it?
I've tried something like this:
$connectionInfo = array( "Database"=>"TDB", "UID"=>"TEST", "PWD"=>MD5("1234"));
or
$connectionInfo = array( "Database"=>"TDB", "UID"=>"TEST", "PWD"=>MD5('1234'));
or
$connectionInfo = array( "Database"=>"TDB", "UID"=>"TEST", "PWD"=>MD5(1234));
or
$connectionInfo = array( "Database"=>"TDB", "UID"=>"TEST", "PWD"=>"MD5(1234))";
etc but always got auth-error... maybe because
- I used incorrect syntax
- MS SQL storing passwords not in MD5 by default
How I can encrypt password in "PWD" filed to keep it safely in connection-info file? Thanks!
UPDATED:
I've realized that even if I wrote something like "PWD"=>MD5("1234") I will SEND it in MD5, but still keep it as plain text in my configuration file, ROFL!
So I think that I need something like this:
$connectionInfo = array( "Database"=>"TDB", "UID"=>"TEST", "PWD"=>"81dc9bdb52d04dc20036dbd8313ed055");
where 81dc9bdb52d04dc20036dbd8313ed055 - MD5 hash of '1234' password
