You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ConnectionString property in the .NET Connector returns the connection string without obfuscation, which can expose sensitive information.
The customer proposes that sensitive information within the connection string be internally encrypted to enhance security, making it harder to discover through memory inspection or dumps.
C# example :
using Snowflake.Data.Client;
namespace ConsoleApp2
{
internal class Program
{
static void Main(string[] args)
{
var con = new SnowflakeDbConnection("ACCOUNT=myAccount;PASSWORD=MyPasswordMustBeSecure;PRIVATE_KEY_PWD=PriveKeypasswordMustBeSecure;TOKEN=MustSecureAlso;PROXYPASSWORD=ProxyPasswordMustBeSecure");
Console.WriteLine($"GET BACK connection string : {con.ConnectionString}");
}
}
}
Output :
GET BACK connection string : ACCOUNT=myAccount;PASSWORD=MyPasswordMustBeSecure;PRIVATE_KEY_PWD=PriveKeypasswordMustBeSecure;TOKEN=MustSecureAlso;PROXYPASSWORD=ProxyPasswordMustBeSecure
Version of .NET driver - Latest one : 3.1.0
The ConnectionString property in the .NET Connector returns the connection string without obfuscation, which can expose sensitive information.
The customer proposes that sensitive information within the connection string be internally encrypted to enhance security, making it harder to discover through memory inspection or dumps.
C# example :
You can see that ConnectionString returns the string (the get member) without any obfuscation treatment.
https://github.com/snowflakedb/snowflake-connector-net/blob/master/Snowflake.Data/Client/SnowflakeDbConnection.cs#L62-L66
The text was updated successfully, but these errors were encountered: