• 1 reply
  • Latest Post - ‏2010-11-10T22:02:20Z by RobertHaig
1 Post

Pinned topic Hidden Variables Exposed in Log when used in Adaptors

‏2010-11-10T20:03:12Z |
The documentation states:

Assign Hidden: The system assigns the variable, but hides the value in the logs, showing it as "*****". Use this option when you are including a password or other sensitive information in a variable. Example: you need to include password information in an _MAP variable in order to map a drive. You want to hide the password from users who run the project.
The system normally changes the syntax of a variable in a command line to the appropriate form for your operating system (%VAR% for Windows®, $VAR for Linux® and UNIX® systems). It does not do this for a hidden variable. The variable is passed directly to the server and the operating system environment of the server interprets the variable.

This is NOT true if using a hidden variable in an Adaptor and sending it as a parameter in a run command tag. The preparsing message shows the hidden variable in plaintext.

This seems to be a HUGE security issue if using hidden variables is recommended for passwords or other sensitive information. Can this get fixed? Anyone have ways around this?

Art LeBeau
System Architect
State of Minnesota
Updated on 2010-11-10T22:02:20Z at 2010-11-10T22:02:20Z by RobertHaig
  • RobertHaig
    55 Posts

    Re: Hidden Variables Exposed in Log when used in Adaptors

    This is still the behavior in the 7.1.2 release stream. This won't be addressed in the 7.1.x releases.

    As for a creative way around it, I'd suggest putting those types of variables in an environment group applied at the server level (which makes more sense for an _MAP var anyway). If you do that, you can put a different selector on your adaptor link step so that it doesn't expose those variables.
    The other way to mitigate exposure is to set a different access level for your adaptor link steps so that your average user cannot see the step log output for that step.