arch@glassfish.java.net

Re: V3 Installer one pager is ready for review

From: Bill Shannon <bill.shannon_at_sun.com>
Date: Wed, 14 Jan 2009 11:03:27 -0800

Sathyan Catari wrote:
> I don't think, based on existing customer data since AS 7.0 days, that
> anyone is using the silent installation password masking feature. This
> is just something that we have been doing since AS 7.0 days. No one has
> asked for any enhancement or feature requests in silent installation (I
> will also ask Sustaining to see if they have heard of any unofficial
> requests in this area). That said, I see these options:
> a) Turn this off completely (no support for encrypted password).
> b) Continue doing what we are doing.
> c) Implement an actual encryption mechanism.
>
> I prefer b), but I am flexible :-)

Again, there's no encryption going on here. To advertise this as
encryption is misleading. It's obfuscation.

I'm surprised that customers actually believe there's some security
value in simple obfuscation, but if you can find customers who want
that, I'm fine with leaving it in. Or, if it's easier to leave it
in than to take it out, that's fine too.

But...

You *must* change the way this feature is documented, including changing
the name of the PASSWORD_ENCRYPTED property to PASSWORD_OBFUSCATED. We
can't mislead people into believing there's some security here.
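The distinction Bill draws above, as an added example that is not part of this thread and not GlassFish installer code: a fixed-key transform whose key ships inside the installer is reversible by anyone who can read the response file, whereas a value encrypted under a key derived from a secret supplied out of band is not. The obfuscation scheme (XOR with a built-in key, then base64), the built-in key, the PASSWORD_ENCRYPTED/PASSWORD_OBFUSCATED property semantics and the sample response file are all assumptions made for illustration; the encryption side is a demonstration construction (PBKDF2 plus an HMAC-SHA256 keystream with an encrypt-then-MAC tag) chosen only because the Python standard library has no AES, and production code should use AES-GCM or ChaCha20-Poly1305 from a vetted library instead.

```python
import base64
import hashlib
import hmac
import secrets

# Hypothetical built-in key (assumption). It ships with the installer, so anyone
# who can read the response file can also extract it from the tool.
BUILTIN_OBFUSCATION_KEY = b"installer-built-in-key"


def _xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; reversible by applying it again."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate(password: str) -> str:
    """'Masked' value: XOR with the fixed key, then base64. No secret involved."""
    return base64.b64encode(_xor_with_key(password.encode(), BUILTIN_OBFUSCATION_KEY)).decode()


def deobfuscate(value: str) -> str:
    """Anyone holding the file and the installer can do this."""
    return _xor_with_key(base64.b64decode(value), BUILTIN_OBFUSCATION_KEY).decode()


# Real encryption for the demo: the key is derived from a passphrase that lives
# neither in the response file nor in the installer. Demonstration construction
# only (stdlib has no AES): HMAC-SHA256 as a PRF in counter mode for the keystream,
# plus an HMAC-SHA256 tag over salt||nonce||ciphertext (encrypt-then-MAC).

def _derive_keys(passphrase: str, salt: bytes):
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return material[:32], material[32:]  # (encryption key, MAC key)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(password: str, passphrase: str) -> str:
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    plaintext = password.encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return base64.b64encode(salt + nonce + ciphertext + tag).decode()


def decrypt(value: str, passphrase: str) -> str:
    blob = base64.b64decode(value)
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered value")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))).decode()


def build_sample_response_file(passphrase: str = "shared-out-of-band") -> str:
    """Constructed sample; property names are hypothetical, not GlassFish's."""
    return "\n".join([
        "# constructed silent-install response file",
        "ADMIN_USER=admin",
        "PASSWORD_OBFUSCATED=" + obfuscate("s3cret!"),
        "PASSWORD_ENCRYPTED=" + encrypt("s3cret!", passphrase),
    ])


def recover_with_file_only(response_file: str) -> dict:
    """What someone holding only the response file (plus the installer) learns."""
    found = {}
    for line in response_file.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "PASSWORD_OBFUSCATED":
            found[key] = deobfuscate(value)  # built-in key is all that is needed
        elif key == "PASSWORD_ENCRYPTED":
            try:
                found[key] = decrypt(value, "")  # no out-of-band secret available
            except ValueError:
                found[key] = None  # unrecoverable without the passphrase
    return found


if __name__ == "__main__":
    print(recover_with_file_only(build_sample_response_file()))
```

The honest property name follows from what recover_with_file_only returns: if the value comes back in clear with nothing but the installer's own code, the property is PASSWORD_OBFUSCATED, whatever the documentation calls it.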