DacFx icon indicating copy to clipboard operation
DacFx copied to clipboard
verified publisher icon microsoft

Password visible in clear text in the process command line - Source/Target Passwords

Open deveshgupta2910 opened this issue 3 years ago • 1 comments

  • SqlPackage or DacFx Version:
  • .NET Framework (Windows-only) or .NET Core:
  • Environment (local platform and source/target platforms):

Steps to Reproduce:

  1. Try to export a database using SQL Authentication in Azure SQL. The executable accepts the password as {String} instead of {SecureString}.

Did this occur in prior versions? If not - which version(s) did it work in? It happens with all versions of SQLPackage.exe.

(DacFx/SqlPackage/SSMS/Azure Data Studio)

deveshgupta2910 avatar Nov 17 '22 05:11 deveshgupta2910

If Windows Server is secured, all processes executed are visible in Event Log together with command line used. This is a security concern and complicates log monitoring.

ggercman avatar Mar 17 '24 18:03 ggercman