Stop adding connection string into code when scaffolding
See original GitHub issueWhen I run the command:
dotnet ef dbcontext scaffold "<connection-string>" Microsoft.EntityFrameworkCore.SqlServer -o "Data" -c "ApiDbContext" -f
It generates a ApiDbContext.cs file with the following:
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
#warning To protect potentially sensitive information in your connection string, you should move it out of source code. See http://go.microsoft.com/fwlink/?LinkId=723263 for guidance on storing connection strings.
optionsBuilder.UseSqlServer(@"<connection string>");
}
I have literally just spent 2 hours trying to figure out why my our staging environments were hitting our development databases instead of our production databases. We run this command every time we have any database schema changes (because we do database first instead of code first) and this time I forgot to remove this.
It got lost in a code review because of other changes in that file as well as lots of changes in other areas of the code.
It got lost in the warnings message because the current build has a lot of warnings because of [Obsolete] tags that we cannot remedy immediately.
To me this whole situation is not good, if for no other reason then you are encouraging users to put their sensitive connection strings in source control while at the same time saying “this is a bad practice but we will still shove this in your code every time you run this command”. All it takes is one person to miss that message and it’s in source control forever (or can be a royal pain to remove if it’s an active code base).
While running dotnet ef dcontext scaffold --help I do not see any option to help remedy this either.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:18
- Comments:55 (18 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I can’t believe this was reported on 2017 and yet in 2020 we’re still facing this issue. Is it too hard to add a flag? Tons of enhancements come to VSCode yet it is really hard to add just a commandline flag and a boolean value to decide whether to do this or not? I keep adding/removing that bit of code between commits everytime I regenerate my dbcontext. This is just ridiculous.
+1 to everyone else’s voice here. We shouldn’t resort to use custom tools or batch files for something so simple, yet our voice remains unheard.
After looking at this more closely, the very first code snippet is actually not what we are generating with 2.0 packages. #6686 explicitly converted code to following style.
Which makes sure that if the DbContext is configured already, it won’t be reconfigured. So scaffolding actually does not change connection string and does not cause any issue of hitting wrong database. The problem does not exist actually.
Further, re-running scaffolding erases all custom modifications #831 fixes it. This is just one of the points of that issue.
It is quite ironic thread though. Beginners should read whole documentation line by line but reading code reviews in detail is not necessary. Beginners should learn to pass in extra flag as an extra step when removing 2 lines of code is huge step. It is unacceptable to put connectionstring in code when it is acceptable to ignore warnings during the build time.