New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ComPlusApplication CustomAction and related properties should be secure #4028

wixbot opened this Issue Jun 11, 2013 · 0 comments


None yet
1 participant

wixbot commented Jun 11, 2013

When creating a ComPlusApplication entry, we pass an identity and password for this application. The CustomActions associated with this component creation need to have HideTargets set to "yes" to prevent logging of identity and password information in plain text in the log files:

MSI (s) (9C:5C) [14:16:50:074]: Executing op: CustomActionSchedule(Action=ComPlusInstallExecute,ActionType=3073,Source=BinaryData,Target=ComPlusInstallExecute,CustomActionData=C:\Users\sp3dtest\AppData\Local\Temp\CPIA53946019B.tmp?CreateComPlusPartitions?Creating COM+ partitions?Partition: [1]?0?AddUsersToComPlusPartitionRoles?Adding users to COM+ partition roles?Role: [1]?0?AddComPlusPartitionUsers?Setting default COM+ partitions for users?User: [1]?0?CreateComPlusApplications?Creating COM+ applications?Application: [1]?1?1?10000?PIDService?{449602DC-8CEC-4A98-A981-9087C50710DA}?SP3DPipingSpecRemoteAccessServer??3?ApplicationAccessChecksEnabled?0?Identity?DOMAIN_AND_USERNAME_IN_PLAIN_TEXT?Password?PASSWORD_IN_PLAIN_TEXT?CreateComPlusApplicationRoles?Creating COM+ application roles?Role: [1]?0?AddUsersToComPlusApplicationRoles?Adding users to COM+ application roles?User: [1]?0?RegisterComPlusAssemblies?Registering COM+ components?DLL: [1]?1?1?50000?PIDService??C:\Program Files (x86)\Smart3D\RefData\Middle\Bin\SP3DRefDataMiddleTierService.dll???0?{449602DC-8CEC-4A98-A981-9087C50710DA}??1?{BEF05452-09ED-47FE-8D6A-

Also, the related properties to this (ComPlusInstallExecute, ComPlusRollbackInstallExecute, etc) should probably also be Hidden, but, these can be overridden as Hidden in the MSI itself, so that is correctable by the developer.

Originally opened by briancovington from

@wixbot wixbot added this to the v3.8 milestone Dec 20, 2015

@wixbot wixbot closed this Dec 20, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment