[WiX-users] Passing securing information from the bootstrapper to an MSI bundle without logging

2014-03-21 Thread Kevin Spence 
Hi all,

I'm sure this has come up in the past, but I can't seem to find any info
that tackles this scenario.

How do you pass secure information from the bootstrapper to the MSI bundle
without it being logged?

I've seen the articles for burn hidden variables and msi hidden properties,
but nothing that passes values from one to the other without being logged.

The msi package installs and configures a windows service. The service must
run using a windows user account. Atm, the account credentials are being
passed to the msi through the command line (which is logged).

The one approach I can think of is to reconfigure the service after the msi
has been installed (I don't know if that would affect the uninstall).

Is there a better approach?

Thanks,
Kevin
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
___
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

Re: [WiX-users] Passing securing information from the bootstrapper to an MSI bundle without logging

2014-03-23 Thread Kevin Spence 
Thanks Rob!

Worked - password gets replaced with asterisks...

ks


On Fri, Mar 21, 2014 at 2:12 PM, Rob Mensching  wrote:

> Mark the Variable and Property both Hidden and they should not be logged.
>
> ___
>  FireGiant  |  Dedicated support for the WiX toolset  |
> http://www.firegiant.com/
>
> -Original Message-
> From: Kevin Spence [mailto:kspe...@gmail.com]
> Sent: Friday, March 21, 2014 2:04 PM
> To: wix-users@lists.sourceforge.net
> Subject: [WiX-users] Passing securing information from the bootstrapper to
> an MSI bundle without logging
>
> Hi all,
>
> I'm sure this has come up in the past, but I can't seem to find any info
> that tackles this scenario.
>
> How do you pass secure information from the bootstrapper to the MSI bundle
> without it being logged?
>
> I've seen the articles for burn hidden variables and msi hidden
> properties, but nothing that passes values from one to the other without
> being logged.
>
> The msi package installs and configures a windows service. The service
> must run using a windows user account. Atm, the account credentials are
> being passed to the msi through the command line (which is logged).
>
> The one approach I can think of is to reconfigure the service after the
> msi has been installed (I don't know if that would affect the uninstall).
>
> Is there a better approach?
>
> Thanks,
> Kevin
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is
> the definitive new guide to graph databases and their applications. Written
> by three acclaimed leaders in the field, this first edition is now
> available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> ___
> WiX-users mailing list
> WiX-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wix-users
>
>
> --
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> ___
> WiX-users mailing list
> WiX-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/wix-users
>
--
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
___
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

[WiX-users] Util:XmlFile Custom Action Displaying Sensitive Information in Log Files

2014-04-11 Thread Kevin Spence 
Hi all,
How does one handle the situation where the Util:XmlFile custom action logs
sensitive information to the log file?

Eg:

MSI (s) (F8:8C) [11:43:03:072]: Executing op:
ActionStart(Name=ExecXmlFile,,)
MSI (s) (F8:8C) [11:43:03:074]: Executing op:
CustomActionSchedule(Action=ExecXmlFile,ActionType=3073,Source=BinaryData,Target=ExecXmlFile,CustomActionData=2€0€C:\Program
Files\ABC\File.exe.config€3€0€//configuration/connectionStrings/add[@name='ABC']€connectionString€User
ID=user;Password='q9h581)D3]';)


This 
message
by
RobM suggests that the situation is a bug. (Dec 2012)

It looks like this issue was addressed previously
(bug3859),
but the result was that it is not a bug by Bob Arnson (Oct 2013).

I found the workaround hack of adjusting the Type in the CustomAction table
for the ExecXmlFile Action after the msi is produced... Is this the only
way?

Thanks,
Kevin
--
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
___
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users