[WiX-users] Util:XmlFile Custom Action Displaying Sensitive Information in Log Files
Hi all, How does one handle the situation where the Util:XmlFile custom action logs sensitive information to the log file? Eg: MSI (s) (F8:8C) [11:43:03:072]: Executing op: ActionStart(Name=ExecXmlFile,,) MSI (s) (F8:8C) [11:43:03:074]: Executing op: CustomActionSchedule(Action=ExecXmlFile,ActionType=3073,Source=BinaryData,Target=ExecXmlFile,CustomActionData=2€0€C:\Program Files\ABC\File.exe.config€3€0€//configuration/connectionStrings/add[@name='ABC']€connectionString€User ID=user;Password='q9h581)D3]';) This messagehttps://www.mail-archive.com/wix-users@lists.sourceforge.net/msg54073.html by RobM suggests that the situation is a bug. (Dec 2012) It looks like this issue was addressed previously (bug3859http://wixtoolset.org/issues/3859/), but the result was that it is not a bug by Bob Arnson (Oct 2013). I found the workaround hack of adjusting the Type in the CustomAction table for the ExecXmlFile Action after the msi is produced... Is this the only way? Thanks, Kevin -- Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Passing securing information from the bootstrapper to an MSI bundle without logging
Thanks Rob! Worked - password gets replaced with asterisks... ks On Fri, Mar 21, 2014 at 2:12 PM, Rob Mensching r...@firegiant.com wrote: Mark the Variable and Property both Hidden and they should not be logged. ___ FireGiant | Dedicated support for the WiX toolset | http://www.firegiant.com/ -Original Message- From: Kevin Spence [mailto:kspe...@gmail.com] Sent: Friday, March 21, 2014 2:04 PM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Passing securing information from the bootstrapper to an MSI bundle without logging Hi all, I'm sure this has come up in the past, but I can't seem to find any info that tackles this scenario. How do you pass secure information from the bootstrapper to the MSI bundle without it being logged? I've seen the articles for burn hidden variables and msi hidden properties, but nothing that passes values from one to the other without being logged. The msi package installs and configures a windows service. The service must run using a windows user account. Atm, the account credentials are being passed to the msi through the command line (which is logged). The one approach I can think of is to reconfigure the service after the msi has been installed (I don't know if that would affect the uninstall). Is there a better approach? Thanks, Kevin -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
[WiX-users] Passing securing information from the bootstrapper to an MSI bundle without logging
Hi all, I'm sure this has come up in the past, but I can't seem to find any info that tackles this scenario. How do you pass secure information from the bootstrapper to the MSI bundle without it being logged? I've seen the articles for burn hidden variables and msi hidden properties, but nothing that passes values from one to the other without being logged. The msi package installs and configures a windows service. The service must run using a windows user account. Atm, the account credentials are being passed to the msi through the command line (which is logged). The one approach I can think of is to reconfigure the service after the msi has been installed (I don't know if that would affect the uninstall). Is there a better approach? Thanks, Kevin -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users