The installer fails. A lot. This is a problem, but such is life. What is a REAL problem is that it drops log files to the temp directory with Windows passwords in the clear. This is unacceptable...
If I install on a server using a custom user, and something goes wrong in the install, a log is created in the temp directory that puts the password for the user in clear text
Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action SetupAction, location: C:\Inetpub\Vault\VaultService\bin\CustomActionExe.exe, command: /TARGETDIR="C:\Inetpub\Vault\VaultService\ " /TARGETDIR2="C:\Inetpub\Vault\VaultService\VaultShadowFolder\ " /CUSTOMNAME=***CLEARUSERHERE*** /CUSTOMPW=***CLEARPASSWORDHERE*** /PARAMS= /DROPDB= /UPGRADE= /ADMINPW= /SQLLOGIN= /SQLPW= /WINAUTH= /SQLSERVER= /IISPROCESS=2
Given that it's all written in .Net, there's not much excuse for not encrypting that command line argument.
INSTALL INSECURITY/COMPROMISE!!!
Moderator: SourceGear
Thanks for the report. Since the log is there to verify input, there wouldn't be much use in printing out input parameters encrypted. The initial version of our installer didn't verify the username/password matched (when you choose a specific account to run VaultService as), but our 2.0 version does, so we probably don't need to print out the password at all.
We will remove this in the next version of the installer. Thanks again for reporting it.
We will remove this in the next version of the installer. Thanks again for reporting it.
glad to know you're on it. One thing though, I'm not so sure this is your log... It may be the WinInstaller log. And the issue is that you're passing the password in the clear to your custom action, and if that action fails, WinInstaller spits out log data with that command line in it. So I'm not sure you need to encrypt the whole command line, but perhaps just the password parameter. Or maybe what you're saying is that you don't need to pass that password inter-component anymore, which would solve it too.