Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed the ConnectionString's password persistence in NetCore #453

Merged
merged 1 commit into from
Mar 11, 2020
Merged

Fixed the ConnectionString's password persistence in NetCore #453

merged 1 commit into from
Mar 11, 2020

Conversation

DavoudEshtehari
Copy link
Member

@DavoudEshtehari DavoudEshtehari commented Mar 3, 2020
edited by cheenamalhotra
Loading

Fixes #448

@DavoudEshtehari
Copy link
Member Author

If PersistSecurityInfo = false be set in a ConnectionString, we should not get the password in an open sqlConnection's ConnectionString property.

@DavoudEshtehari DavoudEshtehari marked this pull request as ready for review March 3, 2020 22:14
@cheenamalhotra cheenamalhotra requested a review from roji March 4, 2020 00:03
@cheenamalhotra cheenamalhotra added this to the 2.0.0-preview2 milestone Mar 4, 2020
David-Engel
David-Engel reviewed Mar 4, 2020
View reviewed changes
Copy link
Contributor

@David-Engel David-Engel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are more instances of _hasPasswordKeyword and comparing the code from netfx, netcore, and their histories, I think we should remove _hasPasswordKeyword and replace them all with correct references to HasPasswordKeyword. HasPasswordKeyword was re-introduced from the AAD auth port from netfx to netcore and looks like it should have simply replaced _hasPasswordKeyword at that time.

Fixed the ConnectionString's password leak
6d20f6a 
With set PersitSecurityInfo = false @netcore
@DavoudEshtehari DavoudEshtehari merged commit 4beb864 into dotnet:master Mar 11, 2020
@cheenamalhotra cheenamalhotra changed the title Fixed the ConnectionString's password leak in NetCore Fixed the ConnectionString's password persistence in NetCore Mar 11, 2020
@DavoudEshtehari DavoudEshtehari mentioned this pull request Mar 25, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@David-Engel David-Engel David-Engel left review comments

@cheenamalhotra cheenamalhotra cheenamalhotra approved these changes

@JRahnama JRahnama Awaiting requested review from JRahnama

@karinazhou karinazhou Awaiting requested review from karinazhou

@roji roji Awaiting requested review from roji

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0.0-preview2
Development

Successfully merging this pull request may close these issues.

Persist Security Info=false isn't respected
3 participants
@DavoudEshtehari @cheenamalhotra @David-Engel