How to provide proxy password in non-clear-text

As per the description in https://wyday.com/wybuild/help/wyupdate-commandline.php, for authenticated proxy, the proxy username and password can be passed as command line arguments. 

However, this would mean that the password would have to be passed in clear text, and hence the password would be visible in Process Explorer (which lists all command line arguments of running processes), which is not secure.

What is the recommendation for the same? Can it be supported to provide the password as hashed or encrypted instead of clear-text to the wyupdate-commandline?

Since our Windows service runs under the LocalSystem account, it would not be able to pick up the proxy configured for a user in Internet Explorer. So, we need to explicitly specify the proxy to be used through the wyUpdate command line. And while doing so, we also want to specify the proxy userName and password to be used. In such a case, how can we ensure that the proxy password does not have to be passed as clear text?

The link you provided would not help for our use case.

The link talks of 2 approaches for Manual static proxy configuration:

  • Registry based configuration
  • WinHTTP configured using netsh command 

The registry based configuration does not support specifying userName and password but only IpAddress and port. Therefore, it does not meet our purpose.

WinHTTP using netsh supports specifying userName and password but this will affect all applications including Windows services which use WinHTTP with default proxy. We cannot affect other applications running on the machine and hence cannot follow this approach.

Therefore, I would again ask if it can be supported to provide the password as hashed or encrypted instead of clear-text to the wyupdate-commandline?

Answer

Therefore, I would again ask if it can be supported to provide the password as hashed or encrypted instead of clear-text to the wyupdate-commandline?

No. Hashes aren't magic. Neither is encryption. If your proxy "accepts a hash" then it's not a hash -- it's a password.

We've provided several solutions to the problem.

Either configure the proxy system wide (typically using a PAC -- use Google if you don't know what that is), or per-user and let wyUpdate read those by default.

Or pass them explicitly to wyUpdate.

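The answer's point that a hash the proxy accepts is itself a password, shown as an added example that is not part of the original thread or of wyUpdate. It assumes a hypothetical `ToyProxy` that accepts SHA-256(password), a constructed password, and made-up names `updater.exe` and `--proxy-secret`.

```python
import hashlib
import hmac

# Constructed sample credential for this demonstration only.
PROXY_PASSWORD = "s3cret-proxy-pass"


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class ToyProxy:
    """Hypothetical proxy that agrees to accept SHA-256(password) as the credential."""

    def __init__(self, password: str) -> None:
        self._stored_digest = sha256_hex(password)

    def authenticate(self, presented_digest: str) -> bool:
        # Constant-time comparison of the presented digest with the stored one.
        return hmac.compare_digest(presented_digest, self._stored_digest)


def updater_argv(password: str) -> list[str]:
    # The service hashes the password before launching the updater.
    # "updater.exe" and "--proxy-secret" are made-up names, not wyUpdate options.
    return ["updater.exe", "--proxy-secret=" + sha256_hex(password)]


def secret_seen_in_process_list(argv: list[str]) -> str:
    # A process viewer shows argv verbatim, so this is what any local user can read.
    for arg in argv:
        if arg.startswith("--proxy-secret="):
            return arg.split("=", 1)[1]
    raise ValueError("no proxy secret argument present")


def observer_can_authenticate(proxy: ToyProxy, argv: list[str]) -> bool:
    # The observer never learns the password, yet the digest alone is accepted.
    return proxy.authenticate(secret_seen_in_process_list(argv))


if __name__ == "__main__":
    proxy = ToyProxy(PROXY_PASSWORD)
    argv = updater_argv(PROXY_PASSWORD)
    print("password visible in argv:", PROXY_PASSWORD in " ".join(argv))
    print("observer authenticates  :", observer_can_authenticate(proxy, argv))
```

Hashing keeps the original password out of the process listing but not the access it grants: whatever string the proxy accepts is the credential, so exposure on the command line is unchanged.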