I'm writing a PHP script for a webserver to output data (list the data in a table) it gets from a SQL server on another site through NAT (not the same ip as the webserver host). Now I wonder if I have to take any security measures for protecting the transport way of the connection.
I know I have to put the login data in an extra file with locked access rights but no question by other people seems to care about how the connection is established...
When the webserver establishes the connection to the site of the SQL server will it be a safe connection automatically and will it encrypt the password (which is encrypted on the SQL server too) and just hand over the hash OR do I have to setup a VPN or anything like that?
$servername = "127.0.0.1";
$username = "userxyz";
$password = "passwordxyz";
$dbname = "databasexyz";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT ..";
$result = $conn->query($sql);
´´´
