ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fran├žois Waelti <francois.wae...@portalys.ch>
Subject RE: ant security risk
Date Fri, 08 Jun 2001 12:49:05 GMT
John.D.Casey@mail.sprint.com has written a task calles askUser that can help
you.

You can find that at the following URL:


http://www.mail-archive.com/ant-user@jakarta.apache.org/msg03062.html

Hope it helps

Francois

-----Original Message-----
From: Christopher William Turner [mailto:cwturner@cycom.co.uk]
Sent: Friday, June 08, 2001 2:31 PM
To: ant-user@jakarta.apache.org
Subject: ant security risk


I'm using ant to build signed jars with a real expensive certificate.
Obviously I don't want my passphrases to be embedded
anywhere. So

<signjar ... storepass="mysecretisout" />
is an unsafe solution
 
<signjar ... storepass="${keystorepass}" /> 
is little better since I must do builds like:
ant -Dkeystorepass=mysecretisout
which gets recorded in my command history file.

The solution is to prompt for the password. I would like
ant to support this but I couldn't find any prompting tasks.

Please could such a password prompt facility be built into ant?.
Maybe with a syntax like:

<askuser destproperty="keystorepass" echo="false" prompt="enter keystore
password" url="console:"/>

-- 
Christopher William Turner, http://www.cycom.co.uk/ "Serving fine Java
since 1996"

Mime
View raw message