Fix | Disable encryption when connecting to SQL Local DB #1312
Merged
cheenamalhotra requested review from johnnypham, Kaur-Parminder, JRahnama and DavoudEshtehari October 4, 2021 19:57
JRahnama reviewed Oct 4, 2021
src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/LocalDBTest/LocalDBTest.cs
LGTM. Just a minor suggestion.
JRahnama approved these changes Oct 5, 2021
johnnypham approved these changes Oct 6, 2021
Aniruddh25 added a commit to Azure/data-api-builder that referenced this pull request Jan 30, 2023
… configured (#1134)

## Why make this change?

- Close #1080

## What is this change?

- Add a new property `IsLateConfigured` to `RuntimeConfigProvider` to identify late configuration. If configuration is NOT provided at startup, we mandate connections to SQL databases are encrypted and that the client verifies the server certificate.
- This translates to `Encrypt=true, TrustServerCertificate=false` attributes of the connection string. Server name in the connection string should match the certificate name exactly.
- However, if configuration is provided at startup, we will rely on the connection string to provide the correct settings for encrypted connections/server certificate validations in order to suit local development preferences.
- Modify `SqlQueryExecutor` to store a `ConnectionStringBuilder` property instead of `ConnectionString` to easily set different attributes of the connection string.
- Even though the integration tests provide configuration at startup, we set `IsLateConfigured = true` so the tests run with encrypted connections always since that is the most secure way.
- To enable encryption for SQL Server on Linux, we added a modified `start-mssql-server.bash` script. Referred [this doc.](https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-docker-container-security?view=sql-server-ver16#encrypt-connections-to-sql-server-linux-containers)

## How was this tested?

- [X] Integration Tests

All tests serve as good regression since connections fail if the connection string properties aren't honored.

## Sample Request(s)

```
# Example Connection string when self signed cert name = mssqlserver.cert.name
"Server=mssqlserver.cert.name,1433;Database=master;MultipleActiveResultSets=False;User=sa;Password=XXX;Encrypt=true;TrustServerCertificate=false"
```

## Note

For testing on SQL Server on Windows, we use SQL LocalDB which doesn't support encryption.

![image](https://user-images.githubusercontent.com/3513779/215607882-41e45828-9d2d-4092-92f4-538d0317cdca.png)

The SqlClient library would override and disable encryption for local db as per this change: dotnet/SqlClient#1312

Since encryption is disabled for SQLLocalDB on Windows, this change is only tested for SQL on Linux.

## References:

1. [TLS Considerations](https://learn.microsoft.com/en-us/azure/azure-sql/database/connect-query-content-reference-guide?view=azuresql#tls-considerations-for-database-connectivity)
2. [Client Initiated Encryption](https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-encrypted-connections?view=sql-server-ver16#client-initiated-encryption)
This change disables encryption when a connection to SQL Local DB is being made as SQL Local DB does not support encryption.
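An added example (not code from this pull request, from SqlClient, or from Data API builder) of the policy the referenced commit describes, combined with the LocalDB behaviour this PR introduces: force `Encrypt=true;TrustServerCertificate=false` for late configuration, and report when the target is LocalDB, where the driver turns encryption off regardless of those keywords. `ConnectionPolicy`, `Apply`, `IsLocalDb` and the sample connection strings are hypothetical or constructed, detecting LocalDB by its `(localdb)\` prefix is a simplifying assumption, and the code assumes the Microsoft.Data.SqlClient package is referenced.

```csharp
using System;
using Microsoft.Data.SqlClient;

public static class ConnectionPolicy
{
    // Simplifying assumption: a LocalDB target is recognised by its "(localdb)\" prefix.
    public static bool IsLocalDb(string dataSource) =>
        dataSource.TrimStart().StartsWith(@"(localdb)\", StringComparison.OrdinalIgnoreCase);

    // Returns the connection string to use and whether this policy can vouch
    // for an encrypted, certificate-validated link to the server.
    public static (string ConnectionString, bool EncryptionEnforced) Apply(
        string connectionString, bool isLateConfigured)
    {
        var builder = new SqlConnectionStringBuilder(connectionString);

        // Configuration supplied at startup: the caller's own settings are kept.
        if (!isLateConfigured)
            return (builder.ConnectionString, false);

        // Late configuration: mandate encryption and server certificate validation.
        builder.Encrypt = true;
        builder.TrustServerCertificate = false;

        // SqlClient disables encryption for LocalDB, so the keywords alone do not
        // prove the link is encrypted; report that to the caller.
        return (builder.ConnectionString, !IsLocalDb(builder.DataSource));
    }

    public static void Main()
    {
        // Constructed sample inputs (not taken from the page).
        var samples = new[]
        {
            (Cs: "Server=db.example.test,1433;Database=master;User ID=app;Password=XXX", Late: true),
            (Cs: @"Server=(localdb)\MSSQLLocalDB;Integrated Security=true", Late: true),
            (Cs: "Server=db.example.test,1433;Database=master;User ID=app;Password=XXX;Encrypt=false", Late: false),
        };

        foreach (var (cs, late) in samples)
        {
            var (result, enforced) = Apply(cs, late);
            // Connection strings carry credentials, so only the data source is logged.
            var target = new SqlConnectionStringBuilder(result).DataSource;
            Console.WriteLine($"{target}: late={late} enforced={enforced}");
        }
    }
}
```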