This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Where does InstallShield store SQL Credentials entered by the user?
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Nov 14, 2011
05:40 AM
Where does InstallShield store SQL Credentials entered by the user?
Installshield seems to store SQL Credentials entered during the installation and reuse them for maintance / uninstall if needed (i.e. if there are SQL-Components to reinstall / uninstall).
How / where is this information stored? Can I somehow access it or write it manually?
How / where is this information stored? Can I somehow access it or write it manually?
(3) Replies
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Nov 14, 2011
09:47 AM
InstallShield stores the information on your system in an encrypted manner. So you should write it manually for your use.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Nov 14, 2011
12:31 PM
hidenory,
I beg to differ with you as my experience is different.
A while ago I wanted to ensure that InstallShield does actually encrypt those passwords as one of our clients had that requirement. It appears the SQL login credentials are available in plain text under Direct Editor > Property table > IS_SQLSERVER_PASSWORD as shown in screenshot below.
Unfortunately, we were told that InstallShield doesn't encrypt the passwords by default. In order to secure the SQL crendentials, we had to stop using the traditional 'IS_SQLSERVER_' properties and instead write our own protection classes and call those methods through custom actions.
I beg to differ with you as my experience is different.
A while ago I wanted to ensure that InstallShield does actually encrypt those passwords as one of our clients had that requirement. It appears the SQL login credentials are available in plain text under Direct Editor > Property table > IS_SQLSERVER_PASSWORD as shown in screenshot below.
Unfortunately, we were told that InstallShield doesn't encrypt the passwords by default. In order to secure the SQL crendentials, we had to stop using the traditional 'IS_SQLSERVER_' properties and instead write our own protection classes and call those methods through custom actions.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Nov 14, 2011
02:36 PM
That is correct that the value of the IS_SQLSERVER_PASSWORD property is visible in the Property table if you provide a default password. However, a password that you specify at run-time is not visible because InstallShield treats that property as a hidden property to prevent the installer from displaying it in the log file, and masks the Password field on the SQLLogin dialog as follows:
Property(S): PackageCode = {3B00A3C2-44FE-42D4-9F77-33B951CD7D29}
Property(S): IS_SQLSERVER_PASSWORD = **********
Property(S): IS_SQLSERVER_SERVER = 192.168.1.1
Action ended 13:05:34: ExecuteAction. Return value 1.
Also, SQL credentials InstallShield stores in the registry during the initial installation and reuses for maintance/uninstall are encrypted.
Property(S): PackageCode = {3B00A3C2-44FE-42D4-9F77-33B951CD7D29}
Property(S): IS_SQLSERVER_PASSWORD = **********
Property(S): IS_SQLSERVER_SERVER = 192.168.1.1
Action ended 13:05:34: ExecuteAction. Return value 1.
Also, SQL credentials InstallShield stores in the registry during the initial installation and reuses for maintance/uninstall are encrypted.