New user or Admin user should have password collected as SecureString #5
Assignees
Labels
documentation
Improvements or additions to documentation
enhancement
New feature or request
invalid
This doesn't seem right
Comments
bdeyo-vmware
added
documentation
|
The functions themselves should technically have this done now in the next pull request. However if an admin is still typing the function at the prompt, the -password value would still show as a plainText string. Although a read-host within the function could prompt to type the secureString, that would be extra work. How to get a user to create their password as a secureString before passing this is important. Perhaps if there is some easy fail option where if it's not a secureString when passed as a parameter the function then prompts for correction? |
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
functions that deal with creating new users or updating their passwords should use convertTo-SecureString and convertFrom-SecureSting to that the password is never available in plaintext
The text was updated successfully, but these errors were encountered: