| Ticket Hash: | 23d8d6171e35f44866afa8d763607adfa7402950 | ||
| Title: | Password in ConnectionString is visible in Trace | ||
| Status: | Closed | Type: | Feature_Request |
| Severity: | Important | Priority: | Blocker |
| Subsystem: | Connection | Resolution: | Fixed |
| Last Modified: |
2018-12-23 05:02:00 7.41 years ago |
Created: |
2018-12-15 20:56:28 7.43 years ago |
| Version Found In: | 1.0.109.0 | ||
| User Comments: | ||||
anonymous added on 2018-12-15 20:56:28:
(text/x-fossil-plain)
When using Password=abc; in the ConnectionString, if the ConnectionString is displayed in a Trace it contains the visible password. mistachkin added on 2018-12-16 19:29:58:
(text/x-fossil-plain)
This can be changed as long as masking the password is controlled by a connection flag that is disabled by default (i.e. for backward compatibility). mistachkin added on 2018-12-23 05:02:00:
(text/x-fossil-plain)
Fixed on trunk via check-in [02ed8cae60ffa75c]. Using the new "HidePassword" connection flag will attempt to prevent the password from showing up -OR- being saved anywhere that is not needed. | ||||