PDA

View Full Version : Pass a password as parameter to setup / How to hide from log file?



MillionsterNutz
12-04-2018, 05:44 AM
Hi!

I have a Basic MSI setup that can take a user and a password for one of it's services as a parameter (silent installation)

This seems to work fine. If the parameters are set, then the corresponding variables are updated with the given values and the Windows Service will use the credentials to run the service in a user context.

However, we noticed that the Command Line parameters that are given to the setup are logged in plain text to the log file of the setup. this means the password can be read in the log file!!!

I have two questions regarding this issue:
1. There a way to tell the MSI setup to not log the value of a specific parameter / variable?
2. Is there a way to somehow decrypt a given password-parameter within the MSI setup if it was somehow given encrypted?

Maybe there is another way to solve this problem?

Please help!

Regards

Ralf

MillionsterNutz
12-05-2018, 02:47 AM
Nobody is answering, so I'm under the impression there is no nice way to handle this. However, a colleague of mine had a nice idea for a hack, which I am going to use now.

The programm that calls the setup silently and also provides the parameters is aware of the log file's path. I will modify the calling programm to remove the password from the log file as soon as the setup has finished. Not nice, but not bad either...

DLee65
12-06-2018, 12:58 PM
https://docs.microsoft.com/en-us/windows/desktop/msi/msihiddenproperties

If you know the property name that will contain values that should be hidden in the log file then set the property to be hidden. You can find MsiHiddenProperties in the direct editor. Just append your property name to this list.