search

microsoft / go-sqlcmd

The new sqlcmd, CLI for SQL Server and Azure SQL (winget install sqlcmd / sqlcmd create mssql / sqlcmd open ads)
https://learn.microsoft.com/sql/tools/sqlcmd/go-sqlcmd-utility
MIT License
323 stars 56 forks source link

Need a way to pass the HostNameInCertificate parameter for strict encryption connections #504

Open shueybubbles opened 5 months ago

shueybubbles commented 5 months ago

For legacy mode we have a few options:

  1. Add a new flag for HNIC.
  2. Make HNIC an optional parameter to -C, such that -C X means "trust the cert only if its subject is X"
  3. Expand the optional arguments to -N so that each encryption type can have parameters of its own. Something like this: -N strict:HNIC=myhost.com

Option 1 is a pain because we are running out of flags. Option 2 solves for this specific problem.

Option 3 is intriguing because it opens the door for supporting more encryption parameters in the future without needing to add new flags. It also simplifies detection of invalid flag combinations.

@dlevy-msft

@stuartpa how does the modern mode allow the user to set encryption values for connections to non-container instances?

apoorvdeshmukh commented 5 months ago

Option 3 looks good. due to the flexibility it offers to add future parameters. I guess we could extend it to other flags as well if needed.

stuartpa commented 5 months ago

@stuartpa how does the modern mode allow the user to set encryption values for connections to non-container instances?

It doesn't today. Users seem to be using the sqlconfig file for connections to containers on the local machine at the moment