I have a deferred custom action which fetches a property using CustomActionData. It contains the value of a password that should not be displayed in the log.
Packaging tool used: WiX
Custom action written in C++
I have tried the workarounds below; nothing seems to be working.
Marked the property and CA name as hidden
HideTarget = yes in CA definition
What needs to be done?
Code:
<CustomAction Id="CASETLOGINFORRCSERVICES" Return="check" HideTarget="yes" Execute="deferred" Impersonate="no" TerminalServerAware="no" DllEntry="SetLoginForRCServices" BinaryKey="CA_Dll" />
log:
MSI (s) (7C:CC) [18:35:39:011]: Executing op: CustomActionSchedule(Action=CASETLOGINFORRCSERVICES,ActionType=3073,Source=BinaryData,Target=SetLoginForRCServices,CustomActionData=Deps@@@151232323)
MSI (s) (7C:B0) [18:35:39:038]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSIEB69.tmp, Entrypoint: SetLoginForRCServices
MsiHiddenProperties: There is a property you can set to hide property values from being written to the log: MsiHiddenProperties property (there are further links in there to more information on preventing confidential information in your MSI).
Custom Action: Setting the attribute HideTarget="yes" for the custom action will set the above property value for you. However, this feature does not seem to hide any value you hard-code in the property table from the log - so if you set an actual value for the property in the property table you need to set the property itself hidden as well (you can set a value programmatically or via the GUI without setting it in the property table). Here are samples:
HideTarget="Yes":
<CustomAction Id="ReadProperyDeferred" HideTarget="yes" ... />
Property Hidden="yes":
<Property Id="MYPROPERTY" Hidden="yes" Secure="yes">Text</Property>
Samples: Sample WiX source here: https://github.com/glytzhkof/WiXDeferredModeSample.
Here is another sample for deferred mode - it uses the DTF class CustomActionData to easily send properties to deferred mode: https://github.com/glytzhkof/WiXDeferredModeSampleDTF
Remember to avoid custom actions if you can: Why is it a good idea to limit the use of custom actions in my WiX / MSI setups?
Sensitive Information: Here is an answer on preventing sensitive or unwanted information from making it into your MSI: How do I avoid distributing sensitive information in my MSI by accident?
Code Extract: Prefer to open the above sample. However, here is a "compressed" sequence of WiX constructs needed for deferred mode custom actions retrieving data from a set-property custom action:
<Property Id="MYPROPERTY" Hidden="yes" Secure="yes">Send this text to deferred mode</Property>
<Binary Id="CustomActions" SourceFile="$(var.CustomActionSample.TargetDir)$(var.CustomActionSample.TargetName).CA.dll" />
<CustomAction Id="SetProperty" Return="check" Property="ReadProperyDeferred" Value="[MYPROPERTY]" />
<CustomAction Id="ReadProperyDeferred" HideTarget="yes" BinaryKey="CustomActions" Execute="deferred" DllEntry="TestCustomAction" />
<InstallExecuteSequence>
<Custom Action='SetProperty' Before='InstallInitialize'></Custom>
<Custom Action='ReadProperyDeferred' Before='InstallFinalize'></Custom>
</InstallExecuteSequence>
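An added example, not part of the original question or answer: a Python check that scans a verbose MSI log for CustomActionSchedule lines whose CustomActionData is written in clear text, and decodes the logged ActionType to see whether the HideTarget bit reached the built package. The flag values are the msidbCustomActionType constants from the Windows Installer SDK; the second sample log line and the all-asterisk masked form are constructed assumptions.

```python
import re

# Custom action type flags from the Windows Installer SDK (msidefs.h).
IN_SCRIPT = 0x0400       # msidbCustomActionTypeInScript (Execute="deferred")
NO_IMPERSONATE = 0x0800  # msidbCustomActionTypeNoImpersonate
HIDE_TARGET = 0x2000     # msidbCustomActionTypeHideTarget (HideTarget="yes")

SCHEDULE_RE = re.compile(
    r"Executing op: CustomActionSchedule\(Action=(?P<action>[^,]+),"
    r"ActionType=(?P<type>\d+),.*?CustomActionData=(?P<data>.*)\)\s*$"
)

def audit_msi_log(lines):
    """Return one finding per CustomActionSchedule line that exposes its data."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = SCHEDULE_RE.search(line)
        if not m:
            continue
        action_type = int(m.group("type"))
        data = m.group("data")
        # Assumption: a hidden value is logged as a run of asterisks.
        masked = data != "" and set(data) == {"*"}
        if data and not masked:
            findings.append({
                "line": lineno,
                "action": m.group("action"),
                "deferred": bool(action_type & IN_SCRIPT),
                "hide_target_bit": bool(action_type & HIDE_TARGET),
                "exposed_chars": len(data),  # report length only, never the value
            })
    return findings

SAMPLE_LOG = [
    # Line taken from the question above.
    "MSI (s) (7C:CC) [18:35:39:011]: Executing op: CustomActionSchedule(Action=CASETLOGINFORRCSERVICES,ActionType=3073,Source=BinaryData,Target=SetLoginForRCServices,CustomActionData=Deps@@@151232323)",
    # Constructed line: same action with the HideTarget bit set (3073 + 0x2000).
    "MSI (s) (7C:CC) [18:35:39:011]: Executing op: CustomActionSchedule(Action=CASETLOGINFORRCSERVICES,ActionType=11265,Source=BinaryData,Target=**********,CustomActionData=**********)",
    "MSI (s) (7C:B0) [18:35:39:038]: Invoking remote custom action. DLL: C:\\WINDOWS\\Installer\\MSIEB69.tmp, Entrypoint: SetLoginForRCServices",
]

if __name__ == "__main__":
    for f in audit_msi_log(SAMPLE_LOG):
        print(f)
```

For the log line in the question, ActionType=3073 decodes to 0x001 + 0x400 + 0x800, so the 0x2000 HideTarget bit is absent from the custom action as it was actually executed; comparing that value against the CustomAction table of the built MSI is a quick first check.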