Sensitive information in WinSCP.com STDOUT
Hello,
I recently made a change to a process that is using WinSCP.com to pipe STDOUT to alert email content following a failure (STDERR has nothing in it for the case I'm about to describe). I have since noticed that the console utility's STDOUT includes clear text credentials with the "open" command.
I know there are configuration settings for hiding/removing sensitive information from WinSCP log files, but those settings seem to have no effect on STDOUT, and I haven't been able to find any information in the docs that pertains to this.
Can anyone please point me to how to address this natively (if possible)? If it cannot be addressed in the current version, I wonder if sensitive data masking could be implemented for STDOUT/ERR in future?
Here are the details of my environment based on the support template:
Version of WinSCP: I confirmed this on a production system using version 4.2.7, and checked again with the newest portable version at this time: 5.17.5
Last version of WinSCP that was working (if the problem started after an upgrade): N/A
Version of Microsoft Windows:
Production: Windows Server 2016 DC
Test: Windows 10 Professional 1903
Transfer protocol: SFTP
GUI or scripting/automation: WinSCP.com
Error message: N/A
Steps that lead to the problem: Run a command with the console application, and pipe STDOUT anywhere.
Log file: N/A
Script:
option batch abort
option confirm off
open sftp://acct:pass@sFTP.thedomain.com:22
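
The masking the post asks about can also be applied outside WinSCP, to the captured STDOUT text before it is placed in the alert e-mail. The following is an added example, not part of the original post and not WinSCP code; the function names, the withheld-line behaviour and the sample output are assumptions made for illustration.

```python
import re

MASK = "***"
WITHHELD = "[line withheld: possible credential]"
# scheme://userinfo@host; userinfo runs greedily to the LAST '@' before any
# '/' or whitespace, so a raw '@' inside the password is still covered.
_STRICT = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*://)([^\s/]+)@")
# Looser net: a token after '://' that still contains ':' followed by '@'.
_LOOSE = re.compile(r"://\S*:\S*@")

def redact_line(line):
    """Return (safe_line, masked_count) for one line of console output."""
    masked = 0

    def _repl(m):
        nonlocal masked
        user, sep, _secret = m.group(2).partition(":")
        if not sep:                          # URL carries no password
            return m.group(0)
        masked += 1
        return f"{m.group(1)}{user}:{MASK}@"  # keep account name for triage

    safe = _STRICT.sub(_repl, line)
    # Fail closed: if something credential-shaped survived (for example a
    # password with an unencoded '/'), drop the whole line instead of
    # sending it. This can also withhold harmless URLs; that is intended.
    if _LOOSE.search(safe.replace(f":{MASK}@", "@")):
        return WITHHELD, masked + 1
    return safe, masked

def build_alert_body(stdout_text):
    """Redact captured STDOUT line by line before it goes into an e-mail."""
    results = [redact_line(line) for line in stdout_text.splitlines()]
    body = "\n".join(line for line, _ in results)
    total = sum(count for _, count in results)
    if total:
        body += f"\n[{total} credential(s) masked before sending]"
    return body

# Constructed sample: the script lines from the post plus an invented
# failure line; this is not real WinSCP output.
SAMPLE_STDOUT = ("option batch abort\noption confirm off\n"
                 "open sftp://acct:pass@sFTP.thedomain.com:22\n"
                 "(constructed) transfer failed\n")

if __name__ == "__main__":
    print(build_alert_body(SAMPLE_STDOUT))
```

The filter only covers passwords embedded in a URL; secrets passed any other way need their own pattern.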