The ConnectionString property in the .NET Connector returns the connection string without obfuscation, which can expose sensitive information.
The customer proposes that sensitive information within the connection string be internally encrypted to enhance security, making it harder to discover through memory inspection or dumps.
C# example :
using Snowflake.Data.Client;
namespace ConsoleApp2
{
internal class Program
{
static void Main(string[] args)
{
var con = new SnowflakeDbConnection("ACCOUNT=myAccount;PASSWORD=MyPasswordMustBeSecure;PRIVATE_KEY_PWD=PriveKeypasswordMustBeSecure;TOKEN=MustSecureAlso;PROXYPASSWORD=ProxyPasswordMustBeSecure");
Console.WriteLine($"GET BACK connection string : {con.ConnectionString}");
}
}
}
Output :
GET BACK connection string : ACCOUNT=myAccount;PASSWORD=MyPasswordMustBeSecure;PRIVATE_KEY_PWD=PriveKeypasswordMustBeSecure;TOKEN=MustSecureAlso;PROXYPASSWORD=ProxyPasswordMustBeSecure
Version of .NET driver - Latest one : 3.1.0
The ConnectionString property in the .NET Connector returns the connection string without obfuscation, which can expose sensitive information. The customer proposes that sensitive information within the connection string be internally encrypted to enhance security, making it harder to discover through memory inspection or dumps.
C# example :
You can see that ConnectionString returns the string (the get member) without any obfuscation treatment. https://github.com/snowflakedb/snowflake-connector-net/blob/master/Snowflake.Data/Client/SnowflakeDbConnection.cs#L62-L66