Topic "Removing the password from Session.Output"

Author Message
anyoneis
[View user's profile]

Joined: 2012-03-12
Posts: 5
Location: Seattle
I would like to spit out the session output to the console when I get certain exceptions. However, I noticed that the password is displayed on the "winscp> open -hostkey..." line. Not good.

I am currently planning on scanning for that line and replacing the password. The escaping makes it a little difficult.
1) Is there another way (SessionOptions, ...) to obscure this password?
2) Am I ignoring some much more efficient mechanism?

Code:

private static void DisplaySessionException(WinSCP.SessionOptions so, WinSCP.Session sess, Exception ex)
{
  Console.WriteLine("Exception encountered: {0}", ex.Message);
  foreach (string s in sess.Output)
    {
      Console.WriteLine("\t{0}", FilterPassword(so, s));
    }
}

private static string FilterPassword(WinSCP.SessionOptions so, string s)
{
  if (!s.Contains("winscp>"))
    return s;
  string encodedPassword = so.Password
    .Replace("%", "%25")
    .Replace(" ", "%20")
    .Replace(" ", "%20")
    .Replace("+", "%2B")
    .Replace("/", "%2F")
    .Replace("@", "%40")
    // ...
    ;
  return s.Replace(encodedPassword, new string('*', so.Password.Length));
}


Thanks!
David
Advertisements
anyoneis
[View user's profile]

Joined: 2012-03-12
Posts: 5
Location: Seattle
Still looking for an answer. Is the source for WinSCP .NET Assembly available to examine?

Here's my current method:

Code:

private static void DisplaySessionException(WinSCP.SessionOptions so, WinSCP.Session sess, Exception ex)
{
    Console.WriteLine("Exception encountered: {0}", ex.Message);
    foreach (string s in sess.Output)
    {
        Console.WriteLine("\t{0}", FilterPassword(so, s));
    }
}

private static string FilterPassword(WinSCP.SessionOptions so, string s)
{
    if (!s.Contains("winscp> open"))
        return s;
    string encodedPassword = PartialEncode(so.Password);
    return s.Replace(encodedPassword, new string('*', so.Password.Length));
}

private static string PartialEncode(string asciiString)
{
    string convertedString = "";
    foreach (char c in asciiString)
    {
        switch (c) {
            case '`':   case '@':   case '#':   case '$':   case '%':
            case '^':   case '&':   case ' ':   case '+':   case '/':
            case '{':   case '}':   case ':':   case '"':   case '<':
            case '>':   case '?':   case ',':   case ';':   case '[':
            case ']':   case '\\':  case '=':
            case '|':  // Forgot this
                convertedString += String.Format("%{0:X2}", (uint)Convert.ToUInt32(((int)c).ToString()));
                break;
            default:
                convertedString += c;
                break;
        }
    }
    return convertedString;
}
       


Thanks!
David

Last edited by anyoneis on 2012-03-15 17:16; edited 1 time in total
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
There no other machanism, sorry.

To escape special characters in password, use System.Uri.EscapeDataString.
anyoneis
[View user's profile]

Joined: 2012-03-12
Posts: 5
Location: Seattle
prikryl wrote:
There no other machanism, sorry.

To escape special characters in password, use System.Uri.EscapeDataString.


Ah! I couldn't find that. Thanks!
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License