My project has to be scanned by software called 'Checkmarx', and it lists out vulnerabilities and how to fix them. One of them is "Missing_Column_Encryption" and "Insufficient_Connection_String_Encryption", where it says the SQL data that is being worked with needs to be encrypted. But when I add the suggested remediation, essentially adding enabling column encryption like this for example:
string connectionString = "Data Source=server63; Initial Catalog=Clinic; Integrated Security=true; Column Encryption Setting=enabled";
It fails to pull in data, which must be because of the encrypted values. I think I would need to add some other code on the Server side? Does anyone know how to properly implement SQL column encryption?
Thanks!