Announcement

Collapse
No announcement yet.

Silent install - Usernames and Passwords

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Silent install - Usernames and Passwords

    Is there a way to support encrypted passwords for the silent install option?

    Our installer requires a Username and Password as one of the screens as part of the installation.
    On the screen that requests this we use a Edit with "Password" as the Input Style.

    The silent install must support the username and password and we have concerns about putting a plaintext password in the INI file (and instructing our users of doing the same).
    Does Setup Factory have some options for us to consider to prevent the need for plaintext passwords to be specified in the INI file?

    Any help will appreciated.



  • #2
    If you set the setup to run silently, you are unable to show a dialog to prompt the user to enter the username and password. If you use the INI file approach, you cannot stop the setup and prompt for further info if something was exected in the file but not provided.

    You have at least three options here, if you do not want to enter the password in plain text in the INI file.
    • Save the password encrypted, for example with Crypto.BlowfishEncryptString(), and decrypt it at runtime with Crypto.BlowfishDecryptString(). If your "normal" session variable to receive the unencrypted password is %Password%, for example, store the encrypted password as %EncPassword% in the INI, process it in code (On Startup), and assign the decrypted password to %Password%.
    • You can pass the password as a command line argument to the installer. In this manner, only those who actually know the password can run the installer, it is not enough to have access to the INI file. You can process the command line arguments in Setup Factory by checking the _CommandLineArgs table.
    • You could build a "passive" install instead of a silent one. I personally like this option, and I remember having implemented it in the past, but it requires a bit more coding. If you pass, for example, a command line parameter such as "/P", you could enter a "passive" mode, where you skip (via code) most screens, and only show something when input is mandatory when missing on the command line. In this manner, you could pass the username and password on the command line, but, in case the user forgets to provide the password, the setup could prompt for the missing info, and then continue - which isn't possible with "true" silent installs.
    Ulrich

    Comment


    • #3
      Thanks for the very useful input.

      Regarding option 1, using Crypto.BlowfishEncryptString() for the %EncPassword% option in the INI file:
      Would one need to build a hybrid then with option two, build an option into the installer that takes in a parameter as suggested, encrypts it and return it to the user and then exit.

      Then one can give the installer to a Sysadmin perhaps to encrypt the password, create the INI file and distribute/store that?

      Or are there alternative tools/approaches that can be used for this "encryption" outside of Setup Factory?

      Comment


      • #4
        You could create a simple tool with Setup Factory (running without elevation, as user), with just one single screen to enter the password to process, and copy the encrypted version to the clipboard (or an Edit field on the same or following dialog)... The common key to encrypt/decrypt would remain secret, possibly obfuscated, in this tool and in the setup.
        Better yet, you could build a tool (with Setup Factory) which creates the INI for you, presenting a form, and saving the data in the proper format in a INI file...

        Ulrich
        Last edited by Ulrich; 03-09-2021, 01:38 PM.

        Comment

        Working...
        X