Search code examples
installationinstallshieldsuite

How to hide entered password value from logs of an InstallShield Suite/Advanced UI setup


Is there a way to hide some sensitive properties from logging in InstallShield Suite/Advanced UI projects when using /debuglog command line? Something similar to MsiHiddenProperties for MSI projects?

Scenario:

  • Using InstallShield 2015 Premier for Windows
  • There is a PasswordBox control bound to an installer property (you know, the one obscuring the value on the UI)

Problems: The password is written to the setup log in clear-text when:

  • PROBLEM 1: the user changes the value of the PasswordBox
  • PROBLEM 2: the password value is passed forward to the MSI command line

Right now the log output looks like this:

10-11-2021[10:58:25 AM]: Engine: property 'ServiceAccountPassword' value now 'm'
10-11-2021[10:58:25 AM]: Engine: property 'ServiceAccountPassword' value now 'my'
10-11-2021[10:58:26 AM]: Engine: property 'ServiceAccountPassword' value now 'myp'
10-11-2021[10:58:26 AM]: Engine: property 'ServiceAccountPassword' value now 'mypa'
10-11-2021[10:58:26 AM]: Engine: property 'ServiceAccountPassword' value now 'mypas'
10-11-2021[10:58:26 AM]: Engine: property 'ServiceAccountPassword' value now 'mypass'
10-11-2021[10:58:26 AM]: Engine: property 'ServiceAccountPassword' value now 'mypassw'
10-11-2021[10:58:27 AM]: Engine: property 'ServiceAccountPassword' value now 'mypasswo'
10-11-2021[10:58:27 AM]: Engine: property 'ServiceAccountPassword' value now 'mypasswor'
10-11-2021[10:58:27 AM]: Engine: property 'ServiceAccountPassword' value now 'mypassword'

10-11-2021[10:59:27 AM]: Final command line: REBOOT=ReallySuppress TRANSFORMS=1033.mst SERVICEPASSWORD="mypassword" <rest of command line removed>

Solution

  • Found the solution:

    There is an 'ISHiddenProperties' property for InstallShield Suite setups.

    Tried out, works.

    Link to Official Revenara documentation

    Text from official documentation:

    To prevent a property from being written in the log file:

    1. In the View List under Behavior and Logic, click Property Manager.

    2. In the Name column, find the ISHiddenProperties property.

      If this property is not listed, click the New Property button to create this property, and in the Name column, enter ISHiddenProperties.

    3. In the Value column, enter the name of the property whose value you do not want to be logged; ensure that you use the same capitalization. To list more than one property, separate each with a semicolon (;).

    Note that ISHiddenProperties is useful for prevention of logging for values in the following scenarios:

    • The value of the property changes.

    • The end user sets the value of the property through command line when launching the Advanced UI or Suite/Advanced UI Setup.exe file.

    • The property is configured through a command line that the Advanced UI or Suite/Advanced UI installation passes to a package. This is configurable in the Packages view, on the Common tab, in the Operation area.

    If the property is logged through ISuiteExtension::LogInfo, the Suite engine cannot prevent the logging. Therefore, any code that you create to write a property value to the log file should read ISHiddenProperties to see whether the property value should be logged.