Forum » .NET assembly / COM library »

Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

anyoneis

Re: Removing the password from Session.Output

martin wrote:

There no other machanism, sorry.

To escape special characters in password, use System.Uri.EscapeDataString.


Ah! I couldn't find that. Thanks!
martin

Re: Removing the password from Session.Output

There no other machanism, sorry.

To escape special characters in password, use System.Uri.EscapeDataString.
anyoneis

Re: Removing the password from Session.Output

Still looking for an answer. Is the source for WinSCP .NET Assembly available to examine?

Here's my current method: 

private static void DisplaySessionException(WinSCP.SessionOptions so, WinSCP.Session sess, Exception ex)

{

    Console.WriteLine("Exception encountered: {0}", ex.Message);

    foreach (string s in sess.Output)

    {

        Console.WriteLine("\t{0}", FilterPassword(so, s));

    }

}



private static string FilterPassword(WinSCP.SessionOptions so, string s)

{

    if (!s.Contains("winscp> open"))

        return s;

    string encodedPassword = PartialEncode(so.Password);

    return s.Replace(encodedPassword, new string('*', so.Password.Length));

}



private static string PartialEncode(string asciiString)

{

    string convertedString = "";

    foreach (char c in asciiString)

    {

        switch (c) {

            case '`':   case '@':   case '#':   case '$':   case '%':

            case '^':   case '&':   case ' ':   case '+':   case '/':

            case '{':   case '}':   case ':':   case '"':   case '<':

            case '>':   case '?':   case ',':   case ';':   case '[':

            case ']':   case '\\':  case '=':

            case '|':  // Forgot this

                convertedString += String.Format("%{0:X2}", (uint)Convert.ToUInt32(((int)c).ToString()));

                break;

            default:

                convertedString += c;

                break;

        }

    }

    return convertedString;

}

       


Thanks!
David
anyoneis

Removing the password from Session.Output

I would like to spit out the session output to the console when I get certain exceptions. However, I noticed that the password is displayed on the "winscp> open -hostkey..." line. Not good.

I am currently planning on scanning for that line and replacing the password. The escaping makes it a little difficult.
1) Is there another way (SessionOptions, ...) to obscure this password?
2) Am I ignoring some much more efficient mechanism? 

private static void DisplaySessionException(WinSCP.SessionOptions so, WinSCP.Session sess, Exception ex)

{

  Console.WriteLine("Exception encountered: {0}", ex.Message);

  foreach (string s in sess.Output)

    {

      Console.WriteLine("\t{0}", FilterPassword(so, s));

    }

}



private static string FilterPassword(WinSCP.SessionOptions so, string s)

{

  if (!s.Contains("winscp>"))

    return s;

  string encodedPassword = so.Password

    .Replace("%", "%25")

    .Replace(" ", "%20")

    .Replace(" ", "%20")

    .Replace("+", "%2B")

    .Replace("/", "%2F")

    .Replace("@", "%40")

    // ...

    ;

  return s.Replace(encodedPassword, new string('*', so.Password.Length));

}


Thanks!
David

Documentation

Support

Associations

Follow Us