Removing the password from Session.Output

Advertisement

anyoneis
Joined:
Posts:
5
Location:
Seattle

Removing the password from Session.Output

I would like to spit out the session output to the console when I get certain exceptions. However, I noticed that the password is displayed on the "winscp> open -hostkey..." line. Not good.

I am currently planning on scanning for that line and replacing the password. The escaping makes it a little difficult.
1) Is there another way (SessionOptions, ...) to obscure this password?
2) Am I ignoring some much more efficient mechanism?

private static void DisplaySessionException(WinSCP.SessionOptions so, WinSCP.Session sess, Exception ex)
{
  Console.WriteLine("Exception encountered: {0}", ex.Message);
  foreach (string s in sess.Output)
    {
      Console.WriteLine("\t{0}", FilterPassword(so, s));
    }
}

private static string FilterPassword(WinSCP.SessionOptions so, string s)
{
  if (!s.Contains("winscp>"))
    return s;
  string encodedPassword = so.Password
    .Replace("%", "%25")
    .Replace(" ", "%20")
    .Replace(" ", "%20")
    .Replace("+", "%2B")
    .Replace("/", "%2F")
    .Replace("@", "%40")
    // ...
    ;
  return s.Replace(encodedPassword, new string('*', so.Password.Length));
}    

Thanks!
David

Reply with quote

Advertisement

anyoneis
Joined:
Posts:
5
Location:
Seattle

Re: Removing the password from Session.Output

Still looking for an answer. Is the source for WinSCP .NET Assembly available to examine?

Here's my current method:

private static void DisplaySessionException(WinSCP.SessionOptions so, WinSCP.Session sess, Exception ex)
{
    Console.WriteLine("Exception encountered: {0}", ex.Message);
    foreach (string s in sess.Output)
    {
        Console.WriteLine("\t{0}", FilterPassword(so, s));
    }
}

private static string FilterPassword(WinSCP.SessionOptions so, string s)
{
    if (!s.Contains("winscp> open"))
        return s;
    string encodedPassword = PartialEncode(so.Password);
    return s.Replace(encodedPassword, new string('*', so.Password.Length));
}

private static string PartialEncode(string asciiString)
{
    string convertedString = "";
    foreach (char c in asciiString)
    {
        switch (c) {
            case '`':   case '@':   case '#':   case '$':   case '%':
            case '^':   case '&':   case ' ':   case '+':   case '/':
            case '{':   case '}':   case ':':   case '"':   case '<':
            case '>':   case '?':   case ',':   case ';':   case '[':
            case ']':   case '\\':  case '=':
            case '|':  // Forgot this
                convertedString += String.Format("%{0:X2}", (uint)Convert.ToUInt32(((int)c).ToString()));
                break;
            default:
                convertedString += c;
                break;
        }
    }
    return convertedString;
}
           

Thanks!
David

Last edited by anyoneis on 2012-03-15 17:16; edited 1 time in total

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: Removing the password from Session.Output

There no other machanism, sorry.

To escape special characters in password, use System.Uri.EscapeDataString.

Reply with quote

anyoneis
Joined:
Posts:
5
Location:
Seattle

Re: Removing the password from Session.Output

martin wrote:

There no other machanism, sorry.

To escape special characters in password, use System.Uri.EscapeDataString.

Ah! I couldn't find that. Thanks!

Reply with quote

Advertisement

You can post new topics in this forum