Qlik-Cli-Windows icon indicating copy to clipboard operation
Qlik-Cli-Windows copied to clipboard

Published 20 hours ago verified publisher icon ahaydon

When updating Qlik Data Connection with secure credentials, the password is output to the console in clear text

Open aburnsy opened this issue 3 years ago • 1 comments

Example Code: $Credential = New-Object System.Management.Automation.PSCredential($UserName, $SecurePassword) Write-Output "Attempting to update Data Connection '$($DataConnectionObject.name)' with UserName '$UserName' and Password '$SecurePassword'"

Update-QlikDataConnection -id $($DataConnectionObject.id) -Credential $Credential Write-Output "Updated Connection $($DataConnectionObject.name) Password"

Example output: Attempting to update Data Connection 'monitor_apps_REST_task' with UserName 'NAM\qlik_dev' and Password 'System.Security.SecureString' id : 0cf9de8e-c340-491c-8a35-ec82683fad69 createdDate : 2019/02/21 12:26 modifiedDate : 2021/11/14 05:35 modifiedByUserName : INTERNAL\sa_api customProperties : {} owner : @{id=77a51475-7b5c-4feb-9d8c-f10e8affc873; userId=sa_repository; userDirectory=INTERNAL; name=sa_repository; privileges=} name : monitor_apps_REST_task connectionstring : CUSTOM CONNECT TO "provider=QvRestConnector.exe;url=https: //localhost/qrs/task/full;timeout=900;method=GET;autoDetec tResponseType=true;keyGenerationStrategy=0;authSchema=ntlm ;skipServerCertificateValidation=true;useCertificate=No;ce rtificateStoreLocation=LocalMachine;certificateStoreName=M y;trustedLocations=qrs-proxy%2https://localhost:4244;query Parameters=xrfkey%20000000000000000;addMissingQueryParamet ersToFinalRequest=false;queryHeaders=X-Qlik-XrfKey%2000000 0000000000%1User-Agent%2Windows;PaginationType=None;" type : QvRestConnector.exe engineObjectId : 0cf9de8e-c340-491c-8a35-ec82683fad69 username : NAM\qlik_dev password : ffT6!$Vg5oYgA*v53 logOn : LOG_ON_SERVICE_USER architecture : Undefined tags : privileges : schemaPath : DataConnection

aburnsy avatar Nov 15 '21 10:11 aburnsy

The output of all commands is the data returned from the API, in the case of data connections the password is included if you connect using an internal service account such as INTERNAL\sa_api. Using a different user (even a RootAdmin) would cause the password field to be omitted, the following commands would also prevent the password being displayed in the console.

Update-QlikDataConnection -id $($DataConnectionObject.id) -Credential $Credential | Out-Null
$null = Update-QlikDataConnection -id $($DataConnectionObject.id) -Credential $Credential
Update-QlikDataConnection -id $($DataConnectionObject.id) -Credential $Credential | Select-Object -ExcludeProperty password

ahaydon avatar Nov 22 '21 08:11 ahaydon