What happened?
I have created a new configuration file using the following DAB CLI command:
dab init --database-type mssql --host-mode development --connection-string "@env('MSSQL')"
and I have a .env file that contains the environment variable with the connection string:
MSSQL='<Connection String Here>'
If I now add a entity via DAB CLI again:
dab add Todos --source dbo.todos --permissions "anonymous:*" --rest todos
Now the configuration file is updated and look like the following, where the environment variable reference is replaced with its value:
"data-source": {
"database-type": "mssql",
"connection-string": "\u003CConnection String Here\u003E",
"options": {
"set-session-context": false
}
},
This is wrong and potentially a security concern as in the config file there will now be the full connection string, with login and password details.
Version
Microsoft.DataApiBuilder 0.8.44-rc+ebe4ef414deaf7670b579fe160b872c6b682c114
What database are you using?
Azure SQL
What hosting model are you using?
Local (including CLI)
Which API approach are you accessing DAB through?
REST
Relevant log output
No response
Code of Conduct
What happened?
I have created a new configuration file using the following DAB CLI command:
and I have a
.envfile that contains the environment variable with the connection string:If I now add a entity via DAB CLI again:
Now the configuration file is updated and look like the following, where the environment variable reference is replaced with its value:
This is wrong and potentially a security concern as in the config file there will now be the full connection string, with login and password details.
Version
Microsoft.DataApiBuilder 0.8.44-rc+ebe4ef414deaf7670b579fe160b872c6b682c114
What database are you using?
Azure SQL
What hosting model are you using?
Local (including CLI)
Which API approach are you accessing DAB through?
REST
Relevant log output
No response
Code of Conduct