IlkkaV
Level 7

Preventing passwords from getting written to log files

Hi

I have a Basic MSI project and a slight dilemma there. I'd need to ask for user credentials during the UI phase and pass them to a custom action in the execute phase to be handled. However, doing that the normal way using CustomActionData would cause those credentials (especially the password) to be written to the MSI log file. I wouldn't like to disable MSI logging as that provides useful troubleshooting information, but having passwords there is an obvious security issue. Is there a way to prevent certain data from being written to the log in clear text? Or do I have to write a separate application that's launched during the execute phase to request those credentials?
0 Kudos
(5) Replies
hidenori
Level 17

Have you considered using the MsiHiddenProperties property?
0 Kudos
IlkkaV
Level 7

hidenori wrote:
Have you considered using the MsiHiddenProperties property?


I forgot about that one, it's just the thing I need! Thanks 🙂
0 Kudos
IlkkaV
Level 7

Unfortunately there's a little problem with that. Even though I've hidden the actual property containing the password as well as the property used for passing custom action data, it's still written to the log at this point:

[CODE]MSI (s) (E4:A8) [12:05:59:540]: Executing op: CustomActionSchedule(Action=CreatePasswordAlias,ActionType=3073,Source=BinaryData,Target=f10,CustomActionData=)[/CODE]

Any ideas on how to solve this one?
0 Kudos
hidenori
Level 17

You may also want to try the Custom Action Hidden Target Option. InstallShield currently does not expose the setting in the Custom Actions view. In the Direct Editor, you need to add 0x2000 (8192) to the type of your custom action that you want to prevent from writing the value in the Target column into the log file.
0 Kudos
IlkkaV
Level 7

Thanks again hidenori, seems to work fine once again 🙂
0 Kudos
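
The following is an added example, not code from the thread or from InstallShield: a small Python audit of the two settings discussed above (MsiHiddenProperties and the 0x2000 hide-target bit) over rows exported from an MSI's CustomAction table. The action name and type 3073 come from the log line in the thread; the property name PASSWORD, the function names and the sample rows are assumptions made for the illustration.

```python
HIDE_TARGET = 0x2000  # msidbCustomActionTypeHideTarget, the value named in the thread
IN_SCRIPT = 0x0400    # msidbCustomActionTypeInScript: action runs deferred, in the execute script


def harden_type(ca_type):
    """Return the custom action type with the hide-target bit added."""
    return ca_type | HIDE_TARGET


def audit(custom_actions, msi_hidden_properties, secret_properties, secret_actions):
    """List settings that would let a secret reach the MSI log.

    custom_actions: (Action, Type) rows from the CustomAction table
    msi_hidden_properties: value of MsiHiddenProperties (semicolon-delimited)
    secret_properties: property names holding secrets (hypothetical names)
    secret_actions: deferred actions that receive secrets via CustomActionData
    """
    hidden = {p.strip() for p in msi_hidden_properties.split(";") if p.strip()}
    findings = []
    for prop in sorted(secret_properties):
        if prop not in hidden:
            findings.append(f"{prop}: not listed in MsiHiddenProperties")
    for action, ca_type in custom_actions:
        if action not in secret_actions or not ca_type & IN_SCRIPT:
            continue
        # CustomActionData is passed through a property named after the action.
        if action not in hidden:
            findings.append(f"{action}: CustomActionData property not listed in MsiHiddenProperties")
        # Hidden properties alone did not stop the CustomActionSchedule log line.
        if not ca_type & HIDE_TARGET:
            findings.append(f"{action}: type {ca_type} lacks 0x2000, set it to {harden_type(ca_type)}")
    return findings


# Constructed sample data: the action and type from the thread's log line.
BEFORE = [("CreatePasswordAlias", 3073)]
AFTER = [("CreatePasswordAlias", harden_type(3073))]
HIDDEN = "PASSWORD;CreatePasswordAlias"  # PASSWORD is a hypothetical property name

if __name__ == "__main__":
    for finding in audit(BEFORE, HIDDEN, {"PASSWORD"}, {"CreatePasswordAlias"}):
        print(finding)
```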