1

I am using the following script to pass SQL credentials at the command line , but I need user to enter the password for the SQL user not the Windows Credentials in it and to make sure that the password is not revealed in clear text when inserted in the prompt. Here is my script:

Param(
  [Parameter(Mandatory=$True)]
  [ValidateNotNullOrEmpty()]
  [string]$dbusername="",
  [Parameter(Mandatory=$True)]
  [ValidateNotNullOrEmpty()]
  [string]$password="",
  [Parameter(Mandatory=$True)]
  [ValidateNotNullOrEmpty()]
  [string]$Machine=""
  )

This works fine, but I would like to make sure that the password is hidden when user is inserting it in the prompt.

I have used this line to do it

Read-Host -Prompt "Enter your password" -AsSecureString

But this cannot be inserted in the Param block, and I I insert it afterwards it has no effect.

How can I mask the password when is inserted by the user at the prompt?

Improve this question
3
  • if you have PS V3 , casting to securestring ie: [securestring]$password="" should be suffisant Commented Nov 19, 2015 at 9:54
  • Thank you for your input. If I am changing casting as you mentioned indeed the user is prompted to insert the password as I want, in a "hidden mode" however I am getting authentication errors. Maybe I should mentioned that I am using a function in which I insert the connection string. The function works just fine without the securestring. Do you need the full script to see it? Commented Nov 19, 2015 at 10:11
  • [Parameter(Mandatory)][System.Management.Automation.Credential()][PSCredential]$Credential Commented Nov 19, 2015 at 10:42

1 Answer 1

Reset to default
1

For PS V3,casting to securestring ie: [securestring]$password="" should be sufficient. You will certainly have to convert back this securestring to plain text before using it with your app. This can be done with:

$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($password)
$clearpassword = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

using $clearpassword ? can you echo it and verify it ?
After Param( [Parameter(Mandatory=$True)] [ValidateNotNullOrEmpty()] [string]$dbusername="", [Parameter(Mandatory=$True)] [ValidateNotNullOrEmpty()] [securestring]$password="", [Parameter(Mandatory=$True)] [ValidateNotNullOrEmpty()] [string]$Machine="" ) I have inserted
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($password) $clearpassword = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr) [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
yes but do you use $clearpasword instead of $password in your connexion string ?
the password is hidden as I wanted, but I get Exception calling "Open" with "0" argument(s): "Login failed for user 'A4_reader'."
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.