Will It Vibe logoWill It Vibe?
CSHARP-016Medium severity-8 points

Connection string disables transport encryption or certificate trust

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.

What it detects

A SQL Server connection string sets Encrypt=False (data travels in the clear) or TrustServerCertificate=True (the client accepts any server certificate without validation), either of which defeats the transport security the driver would otherwise provide.

Why it matters

Encrypt=False sends all traffic between the application and SQL Server in the clear, so credentials and query data can be read or altered by anyone positioned on the network path. TrustServerCertificate=True tells the driver to accept the server's certificate without validating it against a trusted root, which defeats the point of using TLS at all: both settings leave the connection open to interception even though it looks encrypted.

How to fix it

Set Encrypt=True (the modern driver default) so traffic is actually encrypted, and set TrustServerCertificate=False so the client validates the server's certificate against a trusted CA. If you are connecting to a server with a self-signed or internal-CA certificate, install that CA in the trust store used by the connecting machine instead of disabling validation.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks