I am in the process of converting an old legacy setup to Wix. I prefer to use the APIs provided by the Wix toolset, rather than importing std namespace, and in this case working with sensitive data I am looking for advice on how to do this in a secure manner.
The old code uses std::tstring populated with sensitive data and then it does this to populate a BYTE array for a Win32 function call: tstring szData = ......; ...... BYTE *pbDataInput = (BYTE *) szData.c_str(); DWORD cbDataInput = (DWORD) (szData.size() * sizeof(wchar_t)); For my new CA the sensitive string is Unicode from a 'hidden' MsiProperty. LPWSTR pwzSensitive = NULL; hr = WcaGetProperty(L"PROP", &pwzSensitive); ExitOnFailure(hr, "failed to resolve PROP"); ...Tried StrAllocStringSecure (however did not compile) and StrAllocHexDecode (compiles but not expected result). Looked at using memcpy.... The string may include any Unicode language group. ... Looking for advice on how to approach this. LExit: hr = StrSecureZeroString(pwzSensitive); //ExitOnFailure(hr, "failed to zero and free a buffer."); // Since StrSecureZeroString is called after LExit, not sure if also calling ExitOnFailure is wise - needs more research Any suggestions would be appreciated. I have spent so much time over the last few mounts working on the mba, and finding ways to avoid writing CAs, that my C++ skills are withering on the vine. The C# SecureString support was very helpful in the mba. Thanks for the help! -- View this message in context: http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/C-CA-using-Wca-and-StrUtil-for-secure-data-tp7600677.html Sent from the wix-users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users