Security Advisory

  1. How to Prevent Sensitive Properties from Being Logged in Chained MSI Installer (InstallShield Properties)

    Hi Community,

     

    I'm working with an InstallShield 2024 R2 project that uses chained .msi packages. In the Release > chained .msi > Packages view, I'm passing several properties to the child MSIs using the InstallShield Property Manager field.

     

    Properties are passed as chained ism in the following way.

    Example: Main application Installer (Main.ism) -> Installer1.ism (Where the properties are passed)

    Main application Installer (Main.ism) -> Installer2.ism (Where the properties are passed)

     

    Some of these properties are sensitive, such as passwords. However, I’ve noticed that these values are being logged in plain text in the installer MSI logs, which is a security concern.

     

    What I’ve Tried:

    I’ve defined the sensitive properties in the Installer1.ism & Installer2.ism Property Table.

    I’ve added those property names to the SecureCustomProperties and MSIHiddenProperties property in the Installer1.ism & Installer2.ism.

     

    Despite this, the values still appear in the install logs when I run the installer.

     

    My Questions:

    Is there a reliable way to prevent sensitive properties passed through the chain installer from being logged?

    Any examples would be greatly appreciated!

    Thanks!
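
One way to check whether named properties still appear unmasked in a verbose MSI log, as an added example (not part of the original post and not InstallShield's own code). The property names and log lines are constructed, and the three line shapes it looks for (command line, PROPERTY CHANGE, end-of-install property dump) are assumed to match the logs being checked; a masked value is taken to be a run of asterisks.

```python
import re

# Hypothetical property names to audit; replace with the ones passed to the child MSIs.
SENSITIVE = ["DB_PASSWORD", "SVC_PASSWORD"]

# Constructed sample lines in the style of a verbose Windows Installer log.
SAMPLE_LOG = """\
MSI (c) (5C:40) [10:01:02:111]: Command Line: INSTALLDIR=C:\\App DB_PASSWORD=Hunter2! REBOOT=ReallySuppress
MSI (s) (A0:B4) [10:01:03:222]: PROPERTY CHANGE: Adding DB_PASSWORD property. Its value is 'Hunter2!'.
MSI (s) (A0:B4) [10:01:03:300]: PROPERTY CHANGE: Adding SVC_PASSWORD property. Its value is '**********'.
Property(S): SVC_PASSWORD = **********
Property(S): DB_PASSWORD = Hunter2!
Property(S): INSTALLDIR = C:\\App\\
"""

MASK = re.compile(r"^\*+$")  # how a hidden value is assumed to be rendered


def read_log(path):
    """Read a log from disk; MSI logs are often UTF-16 with a BOM."""
    raw = open(path, "rb").read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def find_exposures(log_text, names):
    """Return (line_no, property, kind) per unmasked value; the value is never echoed."""
    alt = "|".join(re.escape(n) for n in names)
    dump = re.compile(rf"^Property\([A-Z]\): ({alt}) = (.*)$")
    change = re.compile(rf"PROPERTY CHANGE: \w+ ({alt}) property\.(.*)$")
    cmdline = re.compile(rf"(?<!\w)({alt})=(\"[^\"]*\"|\S+)")
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        found = []
        if m := dump.match(line):
            found.append((m.group(1), "property-dump", [m.group(2)]))
        if m := change.search(line):
            found.append((m.group(1), "property-change", re.findall(r"'([^']*)'", m.group(2))))
        for m in cmdline.finditer(line):
            found.append((m.group(1), "command-line", [m.group(2).strip('"')]))
        for name, kind, values in found:
            if any(v and not MASK.match(v) for v in values):
                hits.append((no, name, kind))
    return hits


if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG, SENSITIVE):
        print("line %d: %s exposed via %s" % hit)
```

Run it against both the parent installer's log and each child MSI's log, since the value can surface in either one.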
