Last post Sep 19, 2019 10:13 PM by mgebhard
Sep 19, 2019 09:09 PM|RDesh|LINK
My project has to be scanned by software called 'Checkmarx', and it lists out vulnerabilities and how to fix them. One of them is "Missing_Column_Encryption" and "Insufficient_Connection_String_Encryption", where it says the SQL data that is being worked
with needs to be encrypted. But when I add the suggested remediation, essentially adding enabling column encryption like this for example:
string connectionString =
"Data Source=server63; Initial Catalog=Clinic; Integrated Security=true; Column Encryption Setting=enabled";
It fails to pull in data, which must be because of the encrypted values. I think I would need to add some other code on the Server side? Does anyone know how to properly implement SQL column encryption?
Sep 19, 2019 10:13 PM|mgebhard|LINK
Does anyone know how to properly implement SQL column encryption?
I would start by reading the reference documentation to make sure understand what
Column Encryption Setting=enabled does and if the approach will work with your existing design.