PDA

View Full Version : Hide Macro Value


Jim.Stripsky
12-16-2011, 12:07 PM
I saw a post from 2005 asking about this, but figured I could ask again since this may be supported now.....

I have a macro to store a password to deploy an EAR file into WebSphere using wsadmin scripting. I would like this value to be hidden from users. Is it possible to mask this value from users once it's written? Or does anyone have another idea how this could be done?

My concern is that an user could find the value and use it to make unauthorized changes to the WebSphere configuration causing unknown problems.

Thanks!

kinook
12-16-2011, 10:01 PM
See the Encrypt macro value option.
http://www.kinook.com/VisBuildPro/Manual/macroproperties.htm

Jim.Stripsky
12-19-2011, 09:10 AM
I am running version 7.7a and the Encrypt Macro function doesn't work. I setup a 'Project Macro' and clicked the Encrypt Macro checkbox.

In the .bld file, the macro value is not encrypted and when I print out the macro value with a 'Log Message' step, it is not encrypted.

Is there something broken in this version, or are only certain Macro Types able to be encrypted?

kinook
12-19-2011, 10:23 AM
How are you creating the macro in Visual Build? Did you go to the Macros tab, Insert, and check the Encrypt option? If so, the macro value will be stored encrypted in the .bld file and obscured when the macro value is later displayed in the Macros pane, properties dialog, etc.

If you instead created a Set Macro step with Encrypt checked, the macro value will be encrypted when the step is built, but the value when entered into the Set Macro step or stored in the .bld file will not be encrypted (this is by design).

Logging the macro value from a build will show its value, since the build has to use actual macro values to function properly.

Jim.Stripsky
12-19-2011, 10:47 AM
I was creating it as a macro step in the Project Steps. I moved it to the Macro tab and it is encrypted. Thanks for explaining what I was doing incorrectly.

Since I use this value later as an argument to a batch file, I need to not make sure the 'log the command line used' is not checked or the value will be displayed.

As an enhancement, would it be possible to check if a macro value is encrypted before logging the command line and masking it in the log file?

kinook
12-19-2011, 10:58 AM
The problem with generically obscuring an encrypted macro value for logging is that when the macro value is expanded, there's no way of knowing if it will be used in the build, or logged, or both. And at the point where build output is logged, there's no way to know what, if any, parts contain values that were encrypted. One thing that might help would be to turn off the logging of the command in the step's vbld_StepStarting script event, i.e.:

Step.Property("ShowCmd") = False

http://www.kinook.com/VisBuildPro/Manual/scriptevents.htm