Skip to content

Fixed the ConnectionString's password persistence in NetCore #453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
DavoudEshtehari merged 1 commit into from
Mar 11, 2020
Merged

Fixed the ConnectionString's password persistence in NetCore #453

DavoudEshtehari merged 1 commit into from
Mar 11, 2020

Conversation

@DavoudEshtehari
Copy link
Contributor

@DavoudEshtehari DavoudEshtehari commented Mar 3, 2020
edited by cheenamalhotra
Loading

Fixes #448

@DavoudEshtehari
Copy link
Contributor Author

DavoudEshtehari commented Mar 3, 2020

If PersistSecurityInfo = false be set in a ConnectionString, we should not get the password in an open sqlConnection's ConnectionString property.

@DavoudEshtehari DavoudEshtehari marked this pull request as ready for review March 3, 2020 22:14
@cheenamalhotra cheenamalhotra requested a review from roji March 4, 2020 00:03
@cheenamalhotra cheenamalhotra added this to the 2.0.0-preview2 milestone Mar 4, 2020
David-Engel
David-Engel reviewed Mar 4, 2020
View reviewed changes
Copy link
Contributor

@David-Engel David-Engel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are more instances of _hasPasswordKeyword and comparing the code from netfx, netcore, and their histories, I think we should remove _hasPasswordKeyword and replace them all with correct references to HasPasswordKeyword. HasPasswordKeyword was re-introduced from the AAD auth port from netfx to netcore and looks like it should have simply replaced _hasPasswordKeyword at that time.

@DavoudEshtehari
Fixed the ConnectionString's password leak
6d20f6a 
With set PersitSecurityInfo = false @netcore
@DavoudEshtehari DavoudEshtehari merged commit 4beb864 into dotnet:master Mar 11, 2020
@cheenamalhotra cheenamalhotra changed the title Fixed the ConnectionString's password leak in NetCore Fixed the ConnectionString's password persistence in NetCore Mar 11, 2020
@DavoudEshtehari DavoudEshtehari mentioned this pull request Mar 25, 2020
Merged
@dependabot dependabot bot mentioned this pull request Jul 23, 2025
Open
@dependabot dependabot bot mentioned this pull request Dec 30, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@David-Engel David-Engel David-Engel left review comments

@cheenamalhotra cheenamalhotra cheenamalhotra approved these changes

@JRahnama JRahnama Awaiting requested review from JRahnama

@karinazhou karinazhou Awaiting requested review from karinazhou

@roji roji Awaiting requested review from roji

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2.0.0-preview2

Development

Successfully merging this pull request may close these issues.

Persist Security Info=false isn't respected

3 participants

@DavoudEshtehari @cheenamalhotra @David-Engel