mostafa-technet / WebRoamAV

Open Source Antivirus on Windows by C# & WPF
MIT License

Fix insecure SQL connection #1

Open tulik opened 1 month ago

tulik commented 1 month ago

Description

The current SQL connection string does not specify Encrypt=True, which makes the connection insecure and susceptible to man-in-the-middle attacks.

Recommendation

Update the SQL connection string to enforce encryption by setting Encrypt=True.

Example

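```csharp
using System.Data.SqlClient;

// Corrected code with Encrypt=True
using (SqlConnection m_dbConnection = new SqlConnection("Data Source=webroam.sdf;Version=3;Encrypt=True;"))
using (SqlCommand command = new SqlCommand("SELECT score, name, family FROM highscores", m_dbConnection))
{
    m_dbConnection.Open();
    // A SELECT returns rows, so read them with ExecuteReader rather than ExecuteNonQuery
    using (SqlDataReader reader = command.ExecuteReader())
    {
        while (reader.Read()) { /* use reader["score"], reader["name"], reader["family"] */ }
    }
}   // the command and the connection are disposed (closed) here
```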

References

- Microsoft: SqlConnection.ConnectionString Property
- Common Weakness Enumeration: CWE-327
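
One way to check connection strings for the setting this issue describes, as an added example that is not part of the issue or of the WebRoamAV code base. It goes one step beyond the issue by also flagging `TrustServerCertificate=True`, which turns off certificate validation even when `Encrypt=True` is set; the class name `ConnectionStringAudit` and the sample strings are constructed for illustration, and the check assumes `System.Data.SqlClient`-style boolean values.

```csharp
using System;
using System.Data.Common;

static class ConnectionStringAudit   // hypothetical helper, not from the project
{
    // Returns null when the string asks for an encrypted, validated connection,
    // otherwise a short description of the weakness.
    public static string Check(string connectionString)
    {
        // DbConnectionStringBuilder parses generic key=value pairs; keys are case-insensitive.
        var builder = new DbConnectionStringBuilder { ConnectionString = connectionString };

        if (!IsTrue(builder, "Encrypt"))
            return "Encrypt is missing or not true";
        if (IsTrue(builder, "TrustServerCertificate"))
            return "TrustServerCertificate=True disables certificate validation";
        return null;
    }

    // Only the boolean forms (True/Yes) count as enabled here; anything else
    // is reported so that a person can review it.
    static bool IsTrue(DbConnectionStringBuilder builder, string key)
    {
        return builder.TryGetValue(key, out object value)
            && value is string s
            && (s.Trim().Equals("true", StringComparison.OrdinalIgnoreCase)
                || s.Trim().Equals("yes", StringComparison.OrdinalIgnoreCase));
    }

    static void Main()
    {
        // Constructed sample strings; db.example.test is a placeholder host.
        string[] samples =
        {
            "Data Source=db.example.test;Initial Catalog=app;Integrated Security=True",
            "Data Source=db.example.test;Initial Catalog=app;Encrypt=False",
            "Data Source=db.example.test;Initial Catalog=app;Encrypt=True;TrustServerCertificate=True",
            "Data Source=db.example.test;Initial Catalog=app;Encrypt=True"
        };

        foreach (string sample in samples)
        {
            string finding = Check(sample);
            Console.WriteLine("{0}\n  -> {1}", sample, finding ?? "OK");
        }
    }
}
```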

mostafa-technet commented 1 month ago

SqlCeConnection ?