Prevent Integrated Security and SQL Authentication at the same time #5028

Closed
michaelnoonan opened this issue Oct 26, 2018 · 2 comments

Comments

@michaelnoonan
Contributor

commented Oct 26, 2018

The enhancement

Prevent the SQL Database Connection String for Octopus Server from being configured with both Integrated Security enabled, and SQL Authentication with a username and/or password credential. A customer discovered they had changed their connection string to enable Integrated Security (which takes precedence) but had left the User ID and Password fields thinking they needed to keep them up to date. Since the connection string is stored in clear-text in the configuration file, this was a cause for security concern.

Let's simply prevent that from happening by:

  • Validating input to the database command-line interface
  • Validating the connection string when we first try to use it

Workarounds

You can simply delete the User ID and Password fields from the connection string if you are using Integrated Security.

Links

OctopusDeploy/OctopusDeploy#3036
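
The check proposed in this issue, sketched as an added example that is not part of the original issue or Octopus Deploy's own code. It assumes the `System.Data.SqlClient` connection string builder; the `ConnectionStringValidator` class, its `Validate` method and the sample strings are hypothetical and constructed for illustration.

```csharp
using System;
using System.Data.SqlClient; // assumption: Microsoft.Data.SqlClient offers the same builder

// Hypothetical helper for illustration; not Octopus Server code.
public static class ConnectionStringValidator
{
    // Returns null when acceptable, otherwise an error that never echoes credential values.
    public static string Validate(string connectionString)
    {
        SqlConnectionStringBuilder builder;
        try
        {
            // The builder resolves synonyms (Trusted_Connection, UID, User, PWD) to canonical keys.
            builder = new SqlConnectionStringBuilder(connectionString);
        }
        catch (Exception ex) when (ex is ArgumentException || ex is FormatException)
        {
            return "Connection string could not be parsed.";
        }

        bool hasSqlCredential = !string.IsNullOrEmpty(builder.UserID)
                             || !string.IsNullOrEmpty(builder.Password);

        if (builder.IntegratedSecurity && hasSqlCredential)
        {
            return "Integrated Security is enabled, so User ID and Password are ignored. "
                 + "Remove them from the connection string.";
        }
        return null;
    }

    public static void Main()
    {
        // Constructed samples; server, database, account and password are placeholders.
        string[] samples =
        {
            "Server=(local);Database=ExampleDb;Integrated Security=SSPI",
            "Server=(local);Database=ExampleDb;User ID=svc_example;Password=example-only",
            "Server=(local);Database=ExampleDb;Trusted_Connection=True;UID=svc_example;PWD=example-only",
        };
        for (int i = 0; i < samples.Length; i++)
        {
            // Report by index so the sample credentials are never written to output.
            string result = Validate(samples[i]) ?? "OK";
            Console.WriteLine("sample " + i + ": " + result);
        }
    }
}
```

Only the third sample is rejected: it combines `Trusted_Connection=True` with `UID`/`PWD`, which a plain substring search for "Integrated Security" and "Password" would miss.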

@michaelnoonan

Contributor Author

commented Oct 26, 2018

Release Note: Now preventing the SQL Database connection string from containing both Integrated Security and SQL Authentication with User ID or Password to prevent confusion

@lock


commented Jan 24, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 24, 2019