We have a website on which a user has to put in a password. That password must then be passed to a powershell script as a securestring. We can do it as a string, but then the password shows up in the logging and that is not acceptable.
I have searched, but cannot find how to create a secureString in javascript.
Code:
<%@ page import="java.io.BufferedReader,
java.io.IOException,
java.io.InputStreamReader"
%>
<%@ page language="java" %>
<%
String psScript=(String)request.getParameter("script");
String cmsnameline=(String)request.getParameter("cmsnameline");
String password=(String)request.getParameter("password");
String[] parts = cmsnameline.split(",");
String cmsname=parts[0];
String user=parts[1];
String creds=parts[2];
%>
<%
String param = ("O:\\SapMaintenanceBoard\\Remote_execute.ps1 -script_file " + (psScript.replaceAll("(\\r|\\n)", "")) + " -servers " + (cmsname.replaceAll("(\\r|\\n)", "")) + " -npa_user " + (user) + " -credFile " + (creds)+ " -password " + (password));
String command = "powershell.exe " + (param);
// Executing the command
Process powerShellProcess = Runtime.getRuntime().exec(command);
// Getting the results
powerShellProcess.getOutputStream().close();
-- Do stuf with the results
%>
And the PowerShell:
Param(
[Parameter(Mandatory=$true, Position=0)]
[String]$script_file
,
[Parameter(Mandatory=$true, Position=1)]
[String]$servers
,
[Parameter(Mandatory=$true, Position=2)]
[String]$user
,
[Parameter(Mandatory=$true, Position=3)]
[String]$credFile
,
[Parameter(Mandatory=$true, Position=4)]
[String]$password
)
And in PowerShell I need to replace [String]$password
by [secureString]$password
.
There are two ways that I can think of to do this... both will give you $password
as a System.Security.SecureString
object.
Take the string input and ConvertTo-SecureString
within your script/function:
function Get-Password1 {
Param (
[Parameter(Mandatory=$True)]
[String]$password
)
$password = $password | ConvertTo-SecureString -AsPlainText -Force
$password
}
Get-Password1 -password "P@55w0rd"
Use ConvertTo-SecureString
when your call your script/function:
function Get-Password2 {
Param (
[Parameter(Mandatory=$True)]
[Security.SecureString]$password
)
$password
}
Get-Password2 -password (ConvertTo-SecureString "P@55w0rd" -AsPlainText -Force)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.