Re: [WiX-users] Burn to MSI -- Secure password -- Best Parctice
Thank you. I will look at that. I have not actually done any of the mba implementation yet as I have been focused on the underlying Bundle/MSI behavior, and getting the ServiceInstall and XmlConfig pieces figured out. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Burn-to-MSI-Secure-password-Best-Parctice-tp7596576p7596599.html Sent from the wix-users mailing list archive at Nabble.com. -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Burn to MSI -- Secure password -- Best Parctice
Is there a wiki article or anything on security best practices where this stuff could be captured a little more formally? -Original Message- From: Sean Hall [mailto:r.sean.h...@gmail.com] Sent: August-27-14 6:44 PM To: General discussion about the WiX toolset. Subject: Re: [WiX-users] Burn to MSI -- Secure password -- Best Parctice Make sure that your mba uses the SecureStringVariables property in the Engine class, which requires that your password is in a SecureString. You shouldn't put the password in a System.String. On Wed, Aug 27, 2014 at 11:55 AM, Phill Hogland phogl...@rimage.com wrote: Thanks Rob, very much. I had the Bundle/@Variable hidden but missed the Product/@Property. Thanks again. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Burn-to- MSI-Secure-password-Best-Parctice-tp7596576p7596578.html Sent from the wix-users mailing list archive at Nabble.com. -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
[WiX-users] Burn to MSI -- Secure password -- Best Parctice
If I collect a password in my mba, I am wondering what the best way is to pass it down to the MSI. I considered calling the win32 Crypt API to store the password (and then have the MSI retrieve the password from the store), but if a mba should not change the system, what is a secure way to pass this information to a MSI? -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Burn-to-MSI-Secure-password-Best-Parctice-tp7596576.html Sent from the wix-users mailing list archive at Nabble.com. -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Burn to MSI -- Secure password -- Best Parctice
Mark the Bundle/@Variable and Product/@Property Hidden='yes'. Burn v3.9 will store it as a secure string... Windows Installer will do what it does (it's not documented). ___ FireGiant | Dedicated support for the WiX toolset | http://www.firegiant.com/ -Original Message- From: Phill Hogland [mailto:phogl...@rimage.com] Sent: Wednesday, August 27, 2014 8:20 AM To: wix-users@lists.sourceforge.net Subject: [WiX-users] Burn to MSI -- Secure password -- Best Parctice If I collect a password in my mba, I am wondering what the best way is to pass it down to the MSI. I considered calling the win32 Crypt API to store the password (and then have the MSI retrieve the password from the store), but if a mba should not change the system, what is a secure way to pass this information to a MSI? -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Burn-to-MSI-Secure-password-Best-Parctice-tp7596576.html Sent from the wix-users mailing list archive at Nabble.com. -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Burn to MSI -- Secure password -- Best Parctice
Thanks Rob, very much. I had the Bundle/@Variable hidden but missed the Product/@Property. Thanks again. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Burn-to-MSI-Secure-password-Best-Parctice-tp7596576p7596578.html Sent from the wix-users mailing list archive at Nabble.com. -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Burn to MSI -- Secure password -- Best Parctice
Make sure that your mba uses the SecureStringVariables property in the Engine class, which requires that your password is in a SecureString. You shouldn't put the password in a System.String. On Wed, Aug 27, 2014 at 11:55 AM, Phill Hogland phogl...@rimage.com wrote: Thanks Rob, very much. I had the Bundle/@Variable hidden but missed the Product/@Property. Thanks again. -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Burn-to-MSI-Secure-password-Best-Parctice-tp7596576p7596578.html Sent from the wix-users mailing list archive at Nabble.com. -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users -- Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
