如何使用 mysqli 与 SSL 连接
我正在尝试与我的数据库建立安全连接
I'm trying to make a secure connection with my database
我写了以下代码:
<?php
// form filled?
if (isset($_POST['submit'])) {
$user = 'gebruiker';
$pass = 'gebruiker';
$db = new mysqli('localhost', $user, $pass, 'forum');
if (mysqli_connect_errno()) {
echo 'database doesnt work';
file_put_contents('MySQLiErrors.txt', date('[Y-m-d H:i:s]') . mysqli_connect_error() . "
", FILE_APPEND);
exit();
} else {
$username = $_POST['username'];
$userspassword = $_POST['password'];
$salt = strrev($userspassword . substr(0, 4));
$password = hash('sha512', $userspassword . $salt);
$statement = $db->prepare("SELECT id,username FROM user WHERE username = ? AND password = ?");
$statement->bind_param("ss", $username, $password);
$statement->execute();
$result = $statement->get_result();
$statement->close();
$count = $result->num_rows;
if ($count > 0) {
session_start();
$_SESSION["username"] = $username;
header("Location: forum.php");
} else {
$_SESSION['Error'] = "Invalid username or password";
}
}
$db->close();
}
我还在 php.net 上阅读了一些关于 SSL 连接的内容,但我不知道如何在这种情况下实现这一点.
I also read something about SSL connections on php.net but I don't have any idea how to implement this in this case.
http://php.net/manual/en/mysqli.ssl-set.php
我的代码在 fedora 21 上运行并且运行良好,但接下来我想要的是使用 SSL 的安全连接.
My code is running on fedora 21 and it works fine but the next thing I want is a secure connection using SSL.
推荐答案
您不需要客户端证书和私钥,并且在大多数情况下,您不希望 MySQL 服务器验证客户端证书.
You do NOT need the client certificate and private key and in most cases you do NOT want MySQL server to verify the client certificate.
但是客户端必须使用 CA 证书验证服务器证书以防止 MITM.
Client however MUST verify server certificate using CA certificate to prevent MITM.
<?php
$mysqli = mysqli_init();
$mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$mysqli->ssl_set(NULL, NULL, "/etc/ssl/certs/ca-bundle.crt", NULL, NULL);
$mysqli->real_connect('hostname', 'user', 'password', 'database');
$mysqli->close();
?>
相关文章