From 27dff96ecfcfafebe21c8c4780ef727899d39351 Mon Sep 17 00:00:00 2001 From: Rkannan <85091462+OctaOmega@users.noreply.github.com> Date: Sun, 12 Apr 2026 17:48:23 -0400 Subject: [PATCH] Update base.py This change fixes an authentication issue in _build_connection_string() where Trusted_Connection is implicitly enabled even when it was never configured by the user. --- mssql/base.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/mssql/base.py b/mssql/base.py index 3b9d81b9..ef2f8fb3 100644 --- a/mssql/base.py +++ b/mssql/base.py @@ -289,7 +289,7 @@ def _build_connection_string(self, conn_params, driver): user = conn_params.get('USER', None) password = conn_params.get('PASSWORD', None) port = conn_params.get('PORT', None) - trusted_connection = conn_params.get('Trusted_Connection', 'yes') + trusted_connection = conn_params.get('Trusted_Connection', None) options = conn_params.get('OPTIONS', {}) dsn = options.get('dsn', None) @@ -331,10 +331,18 @@ def _build_connection_string(self, conn_params, driver): cstr_parts['PWD'] = password elif 'TOKEN' not in conn_params: if ms_drivers.match(driver) and 'Authentication=ActiveDirectoryMsi' not in options_extra_params: - cstr_parts['Trusted_Connection'] = trusted_connection + # Do not implicitly force Windows authentication. + # Only include Trusted_Connection when explicitly configured. + if trusted_connection is not None: + cstr_parts['Trusted_Connection'] = trusted_connection else: - cstr_parts['Integrated Security'] = 'SSPI' - + # Preserve legacy behavior for non-Microsoft drivers. + # For Microsoft drivers, avoid injecting an authentication mode + # unless explicitly requested through USER/PASSWORD, TOKEN, + # or Trusted_Connection. + if not ms_drivers.match(driver): + cstr_parts['Integrated Security'] = 'SSPI' + cstr_parts['DATABASE'] = database if ms_drivers.match(driver) and os.name == 'nt':