search

joomla-framework / database

Joomla Framework Database Package
GNU General Public License v2.0
28 stars 35 forks source link

sqlsrv driver needs encrypt state in config array #265

Open DaniDuesentrieb opened 2 years ago

DaniDuesentrieb commented 2 years ago

Steps to reproduce the issue

If you want to Connect to an unencrpyted MsSQL Server with the following connection array, a connection could not be established, because the encryption could not be set.

$option['driver'] = 'sqlsrv'; 
$option['host'] = 'server\\instancename, 1433';
$option['port'] = 1433;
$option['user'] = 'user';
$option['password'] = 'pass';
$option['database'] = 'DBName';
$option['prefix'] = '';

return JDatabaseDriver::getInstance($option);

Expected result

In the config array there is an option "encrypt" to set the state.

$option['driver'] = 'sqlsrv'; 
$option['host'] = 'server\\instancename, 1433';
$option['port'] = 1433;
$option['user'] = 'user';
$option['password'] = 'pass';
$option['database'] = 'DBName';
$option['prefix'] = '';
$option['encrypt'] = false;

return JDatabaseDriver::getInstance($option);

Actual result

System information (as much as possible)

Joomla 4.1.4 PHP 7.4.28 Linux Ubuntu Webserver sql_srv extension 5.10.0

Additional comments

In the file libraries\vendor\joomla\database\src\Sqlsrv\SqlsrvDriver.php at line 117 to 124 the config array needs the option encrypt, so the array must be change from this:

$config = [
    'Database'             => $this->options['database'],
    'uid'                  => $this->options['user'],
    'pwd'                  => $this->options['password'],
    'CharacterSet'         => 'UTF-8',
    'ReturnDatesAsStrings' => true
];

to this:

$config = [
    'Database'             => $this->options['database'],
    'uid'                  => $this->options['user'],
    'pwd'                  => $this->options['password'],
    'CharacterSet'         => 'UTF-8',
    'ReturnDatesAsStrings' => true,
    'encrypt'          => $this->options['encrypt']
];
richard67 commented 2 years ago

I think the suggested code change alone will not be sufficient because it requires $this->options['encrypt'] to be set. The code should also work if the option is not set, either by using a default value in that case or by only adding it to the $config array only if it is set.

richard67 commented 2 years ago

As we don't seem to support encrypted connections with the MS SQL driver (if I remember right), we could also just set the encrypt value to false in general in the $config array instead of having an option for it.