I am currently working on a project, mainly supposed to be deployed with a software distribution solution.
The provided connection settings to a datasource are stored in a variable, written to a config file, which is afterwards encrypted.
This is implemented, tested and working well.
The setup log file (enabled with /l=<path>) will contain this data in a readable form - our documentation has a note regarding this fact and how to handle this.
My concern:
- Are the used variables or commandline parameters stored on the target system? (like registry, stored MSI parameters etc)
- In case the user starts a logged maintenance or uninstallation, will he be able to see the old values?
If so, (how) can this be prevented?
kind regards
Anja