php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #14564 Trusted Connections Not Supported
Submitted: 2001-12-17 11:12 UTC Modified: 2016-10-15 23:06 UTC
Votes:15
Avg. Score:4.9 ± 0.2
Reproduced:15 of 15 (100.0%)
Same Version:5 (33.3%)
Same OS:6 (40.0%)
From: parkins dot graham at ppc-consulting dot co dot uk Assigned:
Status: Wont fix Package: MSSQL related
PHP Version: 4.1.0 OS: Windows NT 4/SQL Server 7
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
28 + 4 = ?
Subscribe to this entry?

 
 [2001-12-17 11:12 UTC] parkins dot graham at ppc-consulting dot co dot uk
I consider the inclusion of database usernames and passwords in scripts to be a security risk.

In a Windows environment it is possible to access SQL Server via a trusted connection.  This uses the context of the current logged in user.

Furthermore it is possible to configure IIS and presumably Apache to use a particular user account to service requests.

It is therefore possible (for example under ASP) to open a database connection without specifying a username or password in the script because the context of the current user account has permission to access the SQL Server.

I would be happy if this functionality could be implmented in the MS SQL Server extension.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-12 04:58 UTC] g dot sollis at syntegra dot nl
This would be great, as i too think it is a potential security risk to have usernames and passwords in the source-code. But instead of keeping it in MS-SQL functions i suggest it is also available for ODBC connections.

Just another small suggestion i thought of; maybe it's a good idea to implement a second (form of) 
[dbtype]_connect() function, which will accept something like an ODBC Connection String. This way it would be possible to either use the following:
1. DSN connection with specified user & password
2. DSN connection with trusted connection to db-server
3. DSN-less connection with connection string

The only way it is available now is by using the COM functionality. Which is OK if you want to go that way, but that does mean rewriting a lot of code if there is no db-abstraction layer in use.
 [2011-01-01 00:19 UTC] jani@php.net
-Package: Feature/Change Request +Package: MSSQL related
 [2016-10-15 23:06 UTC] kalle@php.net
-Status: Open +Status: Wont fix
 [2016-10-15 23:06 UTC] kalle@php.net
With MSSQL being removed from PHP as of PHP7.0, and ext/mssql not having a maintainer, I'm gonna close this report as a Won't fix, until maybe one day it will find a new maintainer.

Alternatively you can use sqlsrv from Microsoft if you are on Windows, or pdo_dblib if you are on Unix.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 10:01:26 2024 UTC