RegAddValue and ExecXmlFile custom actions write security information into the log file

[wixbot]

If you try to change sml file by Util:XmlFile tag or to write registry keys by RegistryValue tag, you will see infromation in log like the following:
MSI (s) (FC:1C) [12:41:48:619]: Executing op: RegAddValue(Name=DB Connection String,Value=Data Source=SQLServerName;Initial Catalog=DatabaseName;User ID=login;Password=pass;Connect Timeout=120,)
or
MSI (s) (0C:80) [15:27:09:048]: Executing op:
CustomActionSchedule(Action=ExecXmlFile,ActionType=3073,Source=BinaryData,Tar
get=ExecXmlFile,CustomActionData=
2 0 C:\Program
Files\ProgramName\Web.config€3€0€/configuration/system.web/sessionState/@sqlc
onnectionString€€Data Source=SQL_SERVER;User ID=Login;Password=Pass) . . .
Executing op: RegAddValue(Name=DB Connection String,Value=Data Source=
SQL_SERVER;Initial Catalog=DBName;User ID=Login;Password=Pass;Connect
Timeout=120,)
WriteRegistryValues: Key: \SOFTWARE\ProgramNameKey, Name: DB Connection
String, Value: Data Source= SQL_SERVER;Initial Catalog=DBName;User
ID=Login;Password=Pass;Connect Timeout=120

To fix this situation ou should add HideTarget parameter to CustomAction element for RegAddValue and ExecXmlFile custom actions.

See
http://windows-installer-xml-wix-toolset.687559.n2.nabble.com/Prevent-logging-td7582177.html
for details.

Originally opened by kong83 from http://sourceforge.net/p/wix/bugs/3163/

[wixbot]

We don't hide these strings by default because they contain useful debugging info. RegAddValue is an MSI operation so you can't hide them via properties.

Originally posted by barnson
Area set to extensions

[wixbot]

Originally changed by barnson
Resolution set to notabug
Status changed from Open to Resolved