PlainText Password
Closed this issue · 3 comments
MattDecarlo commented
On https://github.com/tjames192/PSCUC/blob/master/Public/Connect-CUC.ps1
Password could be a parameter read in from Secure String format to limit the exposure of a password in plaintext when using the module, it should then be cleared from memory after it gets encoded. This would minimize the exposure even though the plaintext is somewhat required. Thoughts?
Maybe something like this
`
.....
[Parameter(Mandatory = $false, HelpMessage = 'Cisco Unity password')]
[SecureString]$Password,
.....
$Destroyptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
$EncodedAuthorization = [System.Text.Encoding]::UTF8.GetBytes($Username + ':' + ([System.Runtime.InteropServices.Marshal]::PtrToStringBTSR($destroyptr)))
$EncodedPassword = [System.Convert]::ToBase64String($EncodedAuthorization)
$DestroyPtr = $null #Clears plain from memory
$EncodedAuthorization = $null #Clears plain from memory
`
tjames192 commented
I think you are mostly on the right path securing the password from plaintext.
I'll see what can be done
tjames192 commented
updated both:
Get-CUCAuth
Connect-CUC
removed username, password string variables. replaced with credential object.
now use
Connect-CUC server -Credentials (get-credential)
MattDecarlo commented
Much better practice. Thanks!