#3163 RegAddValue and ExecXmlFile custom actions write security information into the log file

v3.8
migrated
nobody
None
2013-08-21
2012-12-10
GrigoryK
No

If you try to change sml file by Util:XmlFile tag or to write registry keys by RegistryValue tag, you will see infromation in log like the following:
MSI (s) (FC:1C) [12:41:48:619]: Executing op: RegAddValue(Name=DB Connection String,Value=Data Source=SQLServerName;Initial Catalog=DatabaseName;User ID=login;Password=pass;Connect Timeout=120,)
or
MSI (s) (0C:80) [15:27:09:048]: Executing op:
CustomActionSchedule(Action=ExecXmlFile,ActionType=3073,Source=BinaryData,Tar
get=ExecXmlFile,CustomActionData=
2 0 C:\Program
Files\ProgramName\Web.config€3€0€/configuration/system.web/sessionState/@sqlC
onnectionString€€Data Source=SQL_SERVER;User ID=Login;Password=Pass) . . .
Executing op: RegAddValue(Name=DB Connection String,Value=Data Source=
SQL_SERVER;Initial Catalog=DBName;User ID=Login;Password=Pass;Connect
Timeout=120,)
WriteRegistryValues: Key: \SOFTWARE\ProgramNameKey, Name: DB Connection
String, Value: Data Source= SQL_SERVER;Initial Catalog=DBName;User
ID=Login;Password=Pass;Connect Timeout=120

To fix this situation ou should add HideTarget parameter to CustomAction element for RegAddValue and ExecXmlFile custom actions.

See
http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Prevent-logging-td7582177.html
for details.

Discussion

  • Rob Mensching
    Rob Mensching
    2013-08-21

    • Status: open --> migrated