Password credential string exposed

Jan 29, 2015 at 3:16 PM
First of all, great tool.

I find when developing a package using VS2012 for SQL Server 2012 the password credential is masked as part of the Data Flow Component but if you view the properties of the Data Flow in general, the property is exposed as plain text.

Ideally, I like the direction of existing issues to allow option to pass through the windows credential of what runs the package. I believe intent might be to utilize CredentialCache.DefaultNetworkCredentials?
Jan 29, 2015 at 4:50 PM
It looks like you do support windows credential! Just leave account and password blank. Missed this when looking through source code.
Jan 31, 2015 at 11:50 PM
The component exposes a property called UseTaskSecurityContext, which is enabled by default on domain-joined machines. When enabled, Windows Integrated Authentication will be tried, hence no need to provide a password.

If you have a requirement to authenticate via explicitly provided credentials then set UseTaskSecurityContext to false and supply values for ConnectionAccountName and ConnectionAccountPassword properties. With respect to encrypting the value of ConnectionAccountPassword, I recommend relying on SSIS's built capabilities described here [].