Sensitive data is not hidden in command line dump in log file #4731

wixbot opened this Issue Apr 3, 2015 · 3 comments


None yet

2 participants

wixbot commented Apr 3, 2015

There is Hidden attribute for bundle variables which hides sensitive data in log file, but not when they come from command line:

Burn v3.9.1006.0, Windows v6.1 (Build 7601: Service Pack 1), path: Bundle.exe, cmdline: '-burn.unelevated ... SUPER_SECURE_PASSWORD=ilikecandies'
Initializing hidden variable 'SUPER_SECURE_PASSWORD'

This is a successor of

Note that MSI log output does hide sensitive data that is coming from command line:
MSI (s) (34:68) [10:29:34:935]: Command Line: SUPER_SECURE_PASSWORD=**********

Originally opened by verba.vadim

wixbot commented Apr 7, 2015

AssignedTo set to shall
Release changed from v3.9 to v3.10

wixbot commented Apr 12, 2015

3.10 pull request: 232.

4.0 pull request: 122.

Originally posted by rseanhall

wixbot commented Apr 15, 2015

Originally changed by rseanhall
Resolution set to fixed
Status changed from Open to Resolved

@wixbot wixbot added bug burn labels Dec 20, 2015
@rseanhall rseanhall was assigned by wixbot Dec 20, 2015
@wixbot wixbot added this to the v3.10 milestone Dec 20, 2015
@wixbot wixbot closed this Dec 20, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment