Secrets, oh my
It amazes me sometimes the lengths that companies go to “protect” their products but then make so simple to work around.
I am trying to get a program called NeatReceipts to work on my machine and am running into serious issues with it because of a crappy installer. It keeps failing when installing the database. Of course it tries to be slick and install in a password protected instance with a hidden password.
Naturally as a tech, I’m inclined to fix problems on my own PC. So I’m poking around to figure out exactly what’s happening and why it is failing. There’s no real information as to why it fails. It doesn’t even notify me that there’s been a failure, it actually tells me it’s successful.
So I’m tracing all the steps backwards and trying to figure out how to get the SQL instance setup. Of course there’s no information on this anywhere. So I do further sleuthing and stumble across log files created by the installer in another folder with this in plaintext:
Executing sqlexpr32.exe -q INSTANCENAME=NR2007 SECURITYMODE=SQL SAPWD=nr-2006-s@pwd-t6r5y7n9y7t6y7 ADDLOCAL=SQL_Engine,SQL_Data_Files SQLAUTOSTART=0 REBOOT=ReallySuppress /qn
Now it just makes me wonder, if you’re going to be all paranoid and choose a password that is really that complex and unguessable, why store it in a plain text where anyone with brains could see it?
It reminds me of the time when Quickbooks wouldn’t help my company unlock the SQL database when we were looking to integrate another product. The actual response we got back from them regarding the password was “Guess.”
Not very smart when you have a team of intelligent geeks who’s primary job is figuring out how stuff works. We didn’t waste time figuring out the password though. Instead we used a backdoor solution of backing up the database and restoring it which gave us full access to the entire DB.