Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Sensitive data is not hidden in command line dump in log file #4731

wixbot opened this Issue Apr 3, 2015 · 3 comments


None yet
2 participants

wixbot commented Apr 3, 2015

There is Hidden attribute for bundle variables which hides sensitive data in log file, but not when they come from command line:

Burn v3.9.1006.0, Windows v6.1 (Build 7601: Service Pack 1), path: Bundle.exe, cmdline: '-burn.unelevated ... SUPER_SECURE_PASSWORD=ilikecandies'
Initializing hidden variable 'SUPER_SECURE_PASSWORD'

This is a successor of http://sourceforge.net/p/wix/bugs/2539/

Note that MSI log output does hide sensitive data that is coming from command line:
MSI (s) (34:68) [10:29:34:935]: Command Line: SUPER_SECURE_PASSWORD=**********

Originally opened by verba.vadim


wixbot commented Apr 7, 2015

AssignedTo set to shall
Release changed from v3.9 to v3.10


wixbot commented Apr 12, 2015

3.10 pull request: 232.

4.0 pull request: 122.

Originally posted by rseanhall


wixbot commented Apr 15, 2015

Originally changed by rseanhall
Resolution set to fixed
Status changed from Open to Resolved

@wixbot wixbot added bug burn labels Dec 20, 2015

@wixbot wixbot added this to the v3.10 milestone Dec 20, 2015

@wixbot wixbot closed this Dec 20, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment