When using the SQL Anywhere PHP dll's, (5.4.12 in this case), can anyone tell me what sort of security there is in place for passing the username and password to the database. Is it encrypted in any way.
I don't see any options within the dll to send details encrypted but presume it is so any details would be very useful to put my client's mind at rest.
asked 25 Feb '15, 12:53
The connection information is always encrypted using AES before it is sent to the server. If you want bulletproof security (including encryption, protection against replay and man-in-the-middle attacks, and server authentication), you can use TLS. Here is the documentation on the Encryption connection parameter and the -ec server switch, both of which need to be used to make this happen.
answered 25 Feb '15, 13:33