Open willbush opened 11 months ago
Hi @willbush , thanks for reporting this. I agree.
We could also error at compile time in case none of the TLS features is selected, but it is legit to not want encryption at all, and we can't know the intent before runtime, so I agree it should be a runtime error. Probably a regular error upon connecting, or do you think a panic would be preferable?
Sure, I think a regular error is fine.
we can't know the intent before runtime
Could no encryption be a opt-in feature flag? Then perhaps it could be compile time. I guess that would be an API breaking change though.
I was playing around with wireshark and comparing sql auth (username / password) on linux in this library to
Microsoft.Data.SqlClient
in C#.The code I was testing just performs login / disconnect to the database in both C# and Rust.
I was puzzled as to why the traffic using Tiberius was unencryped despite me using
encrypt=true
in the ADO.NET connection string.I realized it was because I used
default-features = false
and did not opt backin to one of the TLS feature flags:I'm filing an issue because perhaps this should be a panic at runtime?