et1975
commented
9 months ago Non-breaking alternative - consider offering -Credential parameter that takes Credential or PSCredential object.
Open darkhonor opened 1 year ago
et1975
commented
9 months ago Non-breaking alternative - consider offering -Credential parameter that takes Credential or PSCredential object.
Is your feature request related to a problem? Please describe.
Currently, New-SsoPersonUser, Set-SsoPersonUser, and Set-SsoSelfPersonUserPassword all use Strings to specify a Password for the user. This is a poor security practice and should be avoided since many local policies log all PowerShell commands, and hence the password values.
Describe the solution you'd like
Modify each of these functions to collect the password from the user as a SecureString. Once inside the function, the plaintext password can be extracted and passed along the secure connection to the SsoServer.
Describe alternatives you've considered
Short of asking for the password during execution rather than allow the passwords to be passed as a parameter, there are no clear ways to eliminate this vulnerability.
Additional context
No response