Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Inadvertent leaking of sensitive data.

I have a script that I need to deploy to machines that can only run if a special string is passed to it. Each location has its own special string. Instead of including the special string inside of the script itself I decided to use a custom variable. This was so that if a tech was to ever export the script for a new location the string that is unique for that location would not be included with the script.

Then after testing the export I noticed that PDQ upon export of the script is in fact including the custom Variable inside the XML without any notification that it is doing so.

When I choose to export a package the only thing I expect to be exported is the package itself. If you are inadvertently including other data I should be given the option to include the added data or at a very minimum be notified that something other than the package is being included in this export.

0

Comments

1 comment
Date Votes
  • P.S. Variable options page has its own export for variable. If I want variables exported I would make my own seperate export.

    0