Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed the ConnectionString's password persistence in NetCore #453

Merged
merged 1 commit into from
Mar 11, 2020

Conversation

DavoudEshtehari
Copy link
Contributor

@DavoudEshtehari DavoudEshtehari commented Mar 3, 2020

Fixes #448

@DavoudEshtehari
Copy link
Contributor Author

If PersistSecurityInfo = false be set in a ConnectionString, we should not get the password in an open sqlConnection's ConnectionString property.

@DavoudEshtehari DavoudEshtehari marked this pull request as ready for review March 3, 2020 22:14
@cheenamalhotra cheenamalhotra requested a review from roji March 4, 2020 00:03
@cheenamalhotra cheenamalhotra added this to the 2.0.0-preview2 milestone Mar 4, 2020
Copy link
Contributor

@David-Engel David-Engel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are more instances of _hasPasswordKeyword and comparing the code from netfx, netcore, and their histories, I think we should remove _hasPasswordKeyword and replace them all with correct references to HasPasswordKeyword. HasPasswordKeyword was re-introduced from the AAD auth port from netfx to netcore and looks like it should have simply replaced _hasPasswordKeyword at that time.

With set PersitSecurityInfo = false @netcore
@DavoudEshtehari DavoudEshtehari merged commit 4beb864 into dotnet:master Mar 11, 2020
@cheenamalhotra cheenamalhotra changed the title Fixed the ConnectionString's password leak in NetCore Fixed the ConnectionString's password persistence in NetCore Mar 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Persist Security Info=false isn't respected
3 participants