This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Still have cleartext passwords in MSI log file
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Mar 21, 2012
08:55 AM
Still have cleartext passwords in MSI log file
I've done the following:
1. Set MsiHiddenProperties in the Property Manager to:
VFLS_DB_PASSWORD;CreatePropertiesFile;VFLS_VC_PASSWORD;Rollback_UnregisterServerAsExtensionAction;Rollback_RegisterServerAsExtension;RegisterServerAsExtensionAction;UnregisterServerAsExtensionAction
VFLS_DB_PASSWORD and VFLS_VC_PASSWORD are the two passwords, and the other entries are the custom actions that are passed those passwords (as well as other parameters).
2. I've also gone through the Direct Editor (CustomAction table) and for each property custom action which passes a password to a deferred or rollback custom action, set its Type to 8243 (51 + 8192). In this case, the property custom action is called CreatePropertiesFileProps (I suffix all the property custom actions with "Props" so I can keep them straight from the true actions.)
This has cleaned up nearly all, but not all, occurrences of the cleartext password issue in the MSI log file.
For each custom action, there is exactly one entry in the log file that looks like:
MSI (s) (D8:44) [08:23:03:546]: Executing op: CustomActionSchedule(Action=CreatePropertiesFile,ActionType=1025,Source=BinaryData,Target=f5,CustomActionData=C:\Program Files\VMware\Infrastructure\tomcat\webapps\vfabric-license-server\;vfabric;vfabric;MyCleartextPassword;C:\Users\bnelson\AppData\Local\Temp\vimtool\)
As you can see, I pass other parameters besides the password into the custom action; I shouldn't need to put those other properties into MsiHiddenProperties, should I? That doesn't make much sense.
I have looked high and low, and can't find any reason why this should be happening.
I'm using InstallShield Premier, 2011.
I've got a Min schema version of 200 in the General Information section.
I'm testing on Windows Server 2008, 64 bit.
If anyone has any ideas, I'd be grateful.
Thanks,
Brian
1. Set MsiHiddenProperties in the Property Manager to:
VFLS_DB_PASSWORD;CreatePropertiesFile;VFLS_VC_PASSWORD;Rollback_UnregisterServerAsExtensionAction;Rollback_RegisterServerAsExtension;RegisterServerAsExtensionAction;UnregisterServerAsExtensionAction
VFLS_DB_PASSWORD and VFLS_VC_PASSWORD are the two passwords, and the other entries are the custom actions that are passed those passwords (as well as other parameters).
2. I've also gone through the Direct Editor (CustomAction table) and for each property custom action which passes a password to a deferred or rollback custom action, set its Type to 8243 (51 + 8192). In this case, the property custom action is called CreatePropertiesFileProps (I suffix all the property custom actions with "Props" so I can keep them straight from the true actions.)
This has cleaned up nearly all, but not all, occurrences of the cleartext password issue in the MSI log file.
For each custom action, there is exactly one entry in the log file that looks like:
MSI (s) (D8:44) [08:23:03:546]: Executing op: CustomActionSchedule(Action=CreatePropertiesFile,ActionType=1025,Source=BinaryData,Target=f5,CustomActionData=C:\Program Files\VMware\Infrastructure\tomcat\webapps\vfabric-license-server\;vfabric;vfabric;MyCleartextPassword;C:\Users\bnelson\AppData\Local\Temp\vimtool\)
As you can see, I pass other parameters besides the password into the custom action; I shouldn't need to put those other properties into MsiHiddenProperties, should I? That doesn't make much sense.
I have looked high and low, and can't find any reason why this should be happening.
I'm using InstallShield Premier, 2011.
I've got a Min schema version of 200 in the General Information section.
I'm testing on Windows Server 2008, 64 bit.
If anyone has any ideas, I'd be grateful.
Thanks,
Brian
(1) Reply
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Mar 21, 2012
12:07 PM
It turns out I needed to add 8192 to the Type values for my Deferred and Rollback actions as well.
What threw me off is that in all the information I found on the subject, this was never mentioned, unless I totally missed it.
What threw me off is that in all the information I found on the subject, this was never mentioned, unless I totally missed it.