password in package
is it best practice to include the password inside the package
0 Comments
[ + ] Show comments
Answers (10)
Please log in to answer
Posted by:
anitha_accen
12 years ago
the requester is asking us to package it. i am defending saying it is not a good practice. they say every user is not a admin to give the password
Posted by:
andys0123
12 years ago
It wouldn't be the favoured option.
Why does the requestor want all users running the system with admin right? They should all have their own login.
Why does the requestor want all users running the system with admin right? They should all have their own login.
Posted by:
anitha_accen
12 years ago
the requester do not want admin right but he need to set the password .
after setting the password the application will ask for sbmit and then it says install.
i am not sure what it is installing since it is a vendor msi.
after setting the password the application will ask for sbmit and then it says install.
i am not sure what it is installing since it is a vendor msi.
Posted by:
rajdera1
12 years ago
most probably a custom action in UI sequence is the culprit,is the installation happening in silent mode ?
Posted by:
andys0123
12 years ago
Earlier you said the password is required before the install. Now you say you get the prompt when launching the shortcut, which should only be there once installed. Please confirm where the password is required.
Posted by:
rajdera1
12 years ago
2 options according to me, in case the password is required after launch
1)Convince the customer that its madness to include the password in the package and individual users must do that since you may have some files getting modified and added after user launches and puts the password and you cannot capture it
2) Use Vbscript to enter the key post launch ,it will be a little tricky use the vbscript to call the application and then input the password using script and when first time launch is done close the apps using script and modify the shortcut
1)Convince the customer that its madness to include the password in the package and individual users must do that since you may have some files getting modified and added after user launches and puts the password and you cannot capture it
2) Use Vbscript to enter the key post launch ,it will be a little tricky use the vbscript to call the application and then input the password using script and when first time launch is done close the apps using script and modify the shortcut
Posted by:
andys0123
12 years ago
If the key is entered post install, it will almost certainly be saved to the registry or a file (and probably in encrypted form) & can therefore be captured. If the install is an MSI, add an MST. If some vendor specific install routine, add a CMD after the install to read in a reg file, copy the file, etc.
Posted by:
Arminius
12 years ago
Passwords are there for a reason: to ensure that things happen that are authorized. So by definition hard-coding a password isn't a good practice. I'd also add that passwords are subject to change. So if it's included in the MSI, you'll need to re-do the MSI once the password changes. I'm also willing to bet that you aren't monitoring the app for a password change, so that will be discovered when the installation starts to fail.
I'd stay away from doing this, if I were you. This has "bad idea" written all over it.
I'd stay away from doing this, if I were you. This has "bad idea" written all over it.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.