Jamie Thomson

This is the blog of Jamie Thomson, a freelance data mangler in London

Prompt for a password with a mask using PowerShell

Here’s some code that I absolutely know I’m going to need again in the future, what better place to put it than on my blog!

If you need to prompt the user for a password when using PowerShell then you want to make sure that the value typed in isn’t visible on the screen. That’s quite easy using the -AsSecureString parameter of the Read-Host cmdlet; however, it’s not quite so easy to retrieve the supplied value. The following code shows how to do it:

# Prompt with masked input; the result is a System.Security.SecureString
$response = Read-Host "What's your password?" -AsSecureString
# Copy the SecureString to an unmanaged BSTR, then read that back as a plain .NET string
$password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($response))

I don’t know of a quick and easy way to format PowerShell code for a blog post so here’s a screenshot instead:

image

I’ve also put this on pastebin: http://pastebin.com/2D6xaz0U

All credit goes to Paul Williams for his post Converting System.Security.SecureString to String (in PowerShell)

@Jamiet

Published Thursday, April 24, 2014 3:58 PM by jamiet

Comments

 

Iain Elder said:

Hey Jamie,

Fabio Pintos wrote about the risks of doing it like this and shows some alternatives.

http://blogs.msdn.com/b/fpintos/archive/2009/06/12/how-to-properly-convert-securestring-to-string.aspx

Your method works, but could be risky because it looks like you don't free the unmanaged memory. The plain string will just be sitting there in memory for the lifetime of your script.

Besides, low-level string handling like that isn't in the spirit of PowerShell :-)

Issues like this make me nervous when I have to handle plain passwords, but for some tasks, like automating SQL Server installs, there's sadly no way around it yet.

When I have to do it I use the Get-Credential cmdlet because it provides a visual prompt. It shows dots instead of password characters and stores the password as a secure string.

http://technet.microsoft.com/en-us/magazine/ff714574.aspx

If you need to get the plain version, call the GetNetworkCredential method.

The password field of the NetworkCredential is a managed string, so when it goes out of scope it should be cleaned up. I think...

May 11, 2014 7:12 PM
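The two points raised in the comment above (freeing the unmanaged copy, and using a credential object instead), shown as an added example that is not code from the post or from either commenter. The function name `ConvertTo-PlainText`, the sample user name and the sample password are assumptions made up for illustration, and `PtrToStringBSTR` is used in place of the post's `PtrToStringAuto` because the pointer is known to be a BSTR.

```powershell
# Added example; ConvertTo-PlainText is a hypothetical helper name.
function ConvertTo-PlainText {
    param(
        [Parameter(Mandatory)]
        [System.Security.SecureString] $SecureString
    )

    $bstr = [IntPtr]::Zero
    try {
        # Decrypts the SecureString into an unmanaged BSTR (plain text in native memory).
        $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString)
        # Copies the BSTR contents into a managed .NET string, which is the return value.
        [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        # Zeroes and frees the unmanaged copy, even if the conversion above throws.
        if ($bstr -ne [IntPtr]::Zero) {
            [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
    }
}

# Constructed sample input so the example runs without a prompt. In a real script:
#   $secure = Read-Host "What's your password?" -AsSecureString
$secure = ConvertTo-SecureString 'constructed-sample-pw' -AsPlainText -Force

# Option 1: explicit conversion with the unmanaged buffer cleaned up.
$plain = ConvertTo-PlainText -SecureString $secure

# Option 2: wrap the SecureString in a PSCredential (what Get-Credential returns)
# and let GetNetworkCredential() do the conversion.
$cred = New-Object System.Management.Automation.PSCredential('sample-user', $secure)
$viaCredential = $cred.GetNetworkCredential().Password

# Both routes must yield the same plain-text value.
if ($plain -cne $viaCredential) {
    throw 'The two conversion routes returned different values.'
}

# The managed strings above are immutable and stay in memory until garbage
# collected, so drop the references as soon as the value has been used.
$plain = $null
$viaCredential = $null
```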
 

jamiet said:

Hi Iain,

This is great to know, thank you very much. I always tell people that one of the best reasons to blog is that you tend to learn more through the comments - yours is a great example of that.

Thanks for taking the time.

JT

May 12, 2014 3:00 AM
