is it best practice to include the password inside the package
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
why you want to do it?
Answered 02/16/2012 by: roni86
Blue Belt

Please log in to comment
0
the requester is asking us to package it. i am defending saying it is not a good practice. they say every user is not a admin to give the password
Answered 02/16/2012 by: anitha_accen
Blue Belt

Please log in to comment
0
It wouldn't be the favoured option.

Why does the requestor want all users running the system with admin right? They should all have their own login.
Answered 02/16/2012 by: andys0123
Orange Belt

Please log in to comment
0
the requester do not want admin right but he need to set the password .
after setting the password the application will ask for sbmit and then it says install.
i am not sure what it is installing since it is a vendor msi.
Answered 02/16/2012 by: anitha_accen
Blue Belt

Please log in to comment
0
most probably a custom action in UI sequence is the culprit,is the installation happening in silent mode ?
Answered 02/16/2012 by: rajdera1
Orange Belt

Please log in to comment
0
i am getting the prompt during the launch of the shortcut
Answered 02/16/2012 by: anitha_accen
Blue Belt

Please log in to comment
0
Earlier you said the password is required before the install. Now you say you get the prompt when launching the shortcut, which should only be there once installed. Please confirm where the password is required.
Answered 02/16/2012 by: andys0123
Orange Belt

Please log in to comment
0
2 options according to me, in case the password is required after launch

1)Convince the customer that its madness to include the password in the package and individual users must do that since you may have some files getting modified and added after user launches and puts the password and you cannot capture it

2) Use Vbscript to enter the key post launch ,it will be a little tricky use the vbscript to call the application and then input the password using script and when first time launch is done close the apps using script and modify the shortcut
Answered 02/16/2012 by: rajdera1
Orange Belt

Please log in to comment
0
If the key is entered post install, it will almost certainly be saved to the registry or a file (and probably in encrypted form) & can therefore be captured. If the install is an MSI, add an MST. If some vendor specific install routine, add a CMD after the install to read in a reg file, copy the file, etc.
Answered 02/16/2012 by: andys0123
Orange Belt

Please log in to comment
0
Passwords are there for a reason: to ensure that things happen that are authorized. So by definition hard-coding a password isn't a good practice. I'd also add that passwords are subject to change. So if it's included in the MSI, you'll need to re-do the MSI once the password changes. I'm also willing to bet that you aren't monitoring the app for a password change, so that will be discovered when the installation starts to fail.

I'd stay away from doing this, if I were you. This has "bad idea" written all over it.
Answered 02/16/2012 by: Arminius
Second Degree Green Belt

Please log in to comment
Answer this question or Comment on this question for clarity