Inadvertent leaking of sensitive data.
I have a script that I need to deploy to machines that can only run if a special string is passed to it. Each location has its own special string. Instead of including the special string inside of the script itself I decided to use a custom variable. This was so that if a tech was to ever export the script for a new location the string that is unique for that location would not be included with the script.
Then after testing the export I noticed that PDQ upon export of the script is in fact including the custom Variable inside the XML without any notification that it is doing so.
When I choose to export a package the only thing I expect to be exported is the package itself. If you are inadvertently including other data I should be given the option to include the added data or at a very minimum be notified that something other than the package is being included in this export.
P.S. Variable options page has its own export for variable. If I want variables exported I would make my own seperate export.
Please sign in to leave a comment.