Uploaded image for project: 'Qt Installer Framework'
  1. Qt Installer Framework
  2. QTIFW-1118

InstallationLog.txt is a big security concern

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Won't Do
    • Not Evaluated
    • None
    • 3.1.0, 3.0.1, 3.0.2
    • General

    Description

      When running a QT installer or a maintenancetool, it generates the InstallationLog.txt file.

      This files contains detailed information about the install, but it also contain the details of all Operations performed by the installer.

      When we use the QT installer to perform some operations that contain credentials and passwords (such as creating an sql database,etc...), it is then possible to open the InstallationLog.txt and have clear access to those credentials.

      This is a big security concern as the end-user can easily have access to some credentials that should not be exposed to him.

       

      It would be nice to be able to set a parameter from a ControlScript to completely disable the creation of this InstallationLog file.

      Also, it would be nice if we could from a ControlScript or ComponentScript  be able to temporary disable/enable logging to the InstallationLog.txt. This way we still have the InstallationLog.txt but make sure that some information will not appear into it.

       

      Any thoughts?

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            installerteam Installer Team
            studiobods Matthias Baudot
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes