The secure way to do this is to use the DPAPI. Phil Wilson
-----Original Message----- From: Castro, Edwin G. (Hillsboro) [mailto:edwin.cas...@fiserv.com] Sent: Wednesday, February 16, 2011 10:33 AM To: General discussion for Windows Installer XML toolset. Subject: Re: [WiX-users] Encrypt and store the SQL sa password in the windows registry That all depends on what key you use to encrypt the data. If the key is associated with the SYSTEM context then only the SYSTEM context will be able to decrypt the data. If an attacker already has access to the SYSTEM context then it's already Game Over. Edwin G. Castro Software Developer - Staff Electronic Banking Services Fiserv Office: 503-746-0643 Fax: 503-617-0291 www.fiserv.com Please consider the environment before printing this e-mail > -----Original Message----- > From: James Johnston [mailto:johnst...@inn-soft.com] > Sent: Wednesday, February 16, 2011 8:19 AM > To: 'General discussion for Windows Installer XML toolset.' > Subject: Re: [WiX-users] Encrypt and store the SQL sa password in the > windows registry > > Isn't storing the administrator password for a server in the registry a > terrible > idea? This is setting off all kinds of alarm bells in my mind... > Even if you "encrypt" it, I would think it would still be easy enough to > recover > the plaintext just by finding the key in the MSI file and then decrypting. I > don't see how it offers any real security beyond shielding from casual prying > eyes. I would think an installer that does this without telling could easily > trap > the unwary system administrator who wants to run a tight ship... > > -----Original Message----- > From: Rob Mensching [mailto:r...@robmensching.com] > Sent: Wednesday, February 16, 2011 15:35 > To: General discussion for Windows Installer XML toolset. > Subject: Re: [WiX-users] Encrypt and store the SQL sa password in the > windows registry > > Not today but it would be a great custom action to have. > > On Tue, Feb 15, 2011 at 2:40 PM, Thai-Hoa Nguyen > <taiwa...@hotmail.com>wrote: > > > > > > > Hello > > > > I'm currently storing the SQL sa password so the database can be > > uninstalled later. > > > > <RegistryValue Root='HKLM' Key='SOFTWARE\xyz\abcName='SQLPwd' > > Value='[SQLPASSWORD]' Type='string' /> > > > > > > <Property Id="SQLPASSWORD" Value="password"> <RegistrySearch > > Id='SqlPwdReg' Key='SOFTWARE\xyz\abc' Name='SQLPwd' > > Root='HKLM' Type='raw'/> > > </Property> > > > > Is there a quick and easy way to encrypt and decypt the password in Wix? > > > > Thank you. > > > > ---------------------------------------------------------------------- > > -------- The ultimate all-in-one performance toolkit: Intel(R) > > Parallel Studio XE: > > Pinpoint memory and threading errors before they happen. > > Find and fix more than 250 security defects in the development cycle. > > Locate bottlenecks in serial and parallel code that limit performance. > > http://p.sf.net/sfu/intel-dev2devfeb > > _______________________________________________ > > WiX-users mailing list > > WiX-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wix-users > > > > > > > -- > virtually, Rob Mensching - http://RobMensching.com LLC > ---------------------------------------------------------------------------- > -- > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > > > ------------------------------------------------------------------------------ > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users *** Confidentiality Notice: This e-mail, including any associated or attached files, is intended solely for the individual or entity to which it is addressed. This e-mail is confidential and may well also be legally privileged. If you have received it in error, you are on notice of its status. Please notify the sender immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. This email comes from a division of the Invensys Group, owned by Invensys plc, which is a company registered in England and Wales with its registered office at 3rd Floor, 40 Grosvenor Place, London, SW1X 7AW (Registered number 166023). For a list of European legal entities within the Invensys Group, please go to http://www.invensys.com/legal/default.asp?top_nav_id=77&nav_id=80&prev_id=77. You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail recept...@invensys.com. This e-mail and any attachments thereto may be subject to the terms of any agreements between Invensys (and/or its subsidiaries and affiliates) and the recipient (and/or its subsidiaries and affiliates). ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
