ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Huang" <judoscr...@hotmail.com>
Subject RE: AW: reading password for FTP task
Date Fri, 13 Aug 2004 13:54:03 GMT
JudoScript has a native data type, Secret, to address the password issue: 
http://www.judoscript.com/books/judoscript-0.9/chapters/datatypes.html#secret

The idea is:

a) Specify the crypted password value ALONG WITH its decryptor object.
b) Different people (who run the script) will have different decryptor 
objects.
c) The decrypted value of a Secret value is always printed as null 
(surprise!)

So a script (in JudoScript) can be run by a developer with a plain-text 
"decryptor" object on her dev machine, and the same script is run by a 
sysadm with a JNI-based, 2048-bit encryptor, say. That decryptor object is 
like a key dangling on the key-chain of a jail keeper.

One can certainly hack the code (JudoScript is 100% open source anyway); but 
as long as he does not have the decryptor object, he can't get to the 
password.

-James

>From: Jan.Materne@rzf.fin-nrw.de
>Reply-To: "Ant Users List" <user@ant.apache.org>
>To: user@ant.apache.org
>Subject: AW: reading password for FTP task
>Date: Fri, 13 Aug 2004 15:33:24 +0200
>
>If you store a value inside Ant´s project, you can access that.
>You could
>- store the encrypted value as property
>- extend <ftp> to decrypt that password before doing its work
>   class MyFtp extends FTP /* search for right classname */ {
>       private boolean pwdIsEncrypted = false; // setter
>       public void execute() {
>           if (pwdIsEncrypted) {
>               password = ...  // overwrite the set (encrypted) pwd by the
>decrypted one
>           }
>           super.execute(); // let the <ftp> work
>       }
>
>But that is also very easy to hack. Maybe via decompilation ... but by
>simply using your
>Decrypt-Class.
>
>
>Jan
>
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: Velagapudi, Murali [mailto:murali.velagapudi@citigroup.com]
> > Gesendet am: Freitag, 13. August 2004 15:26
> > An: Ant Users List
> > Betreff: RE: reading password for FTP task
> >
> >    Not me if any one wants to know the password then then can
> > do that by simply including  the echo the password that is
> > what my concern over here.
> >
> > thanks,
> > Murali
> >
> > -----Original Message-----
> > From: Jan.Materne@rzf.fin-nrw.de [mailto:Jan.Materne@rzf.fin-nrw.de]
> > Sent: Friday, August 13, 2004 1:36 AM
> > To: user@ant.apache.org
> > Subject: AW: reading password for FTP task
> >
> >
> > "echo"?
> > Why using <echo> when you dont want to print something?
> >
> > Jan
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Velagapudi, Murali [mailto:murali.velagapudi@citigroup.com]
> > > Gesendet am: Donnerstag, 12. August 2004 17:54
> > > An: Ant Users List
> > > Betreff: RE: reading password for FTP task
> > >
> > > Jan,
> > >
> > >     Thank you vey much ,it worked i could get that using your
> > > approach, and also
> > > Is there any way i could supress the echo task, because after
> > > getting the cleartext from encrypted password if i do echo
> > > its(the pwd) get displayed ,even if i change the execute
> > > method in Echo class ,i can stop that for the Ant build in my
> > > local system ,if any one else executes this with another Ant
> > > then they can know the password.
> > >
> > > thanks,
> > > Murali
> > >
> > > -----Original Message-----
> > > From: Jan.Materne@rzf.fin-nrw.de [mailto:Jan.Materne@rzf.fin-nrw.de]
> > > Sent: Thursday, August 12, 2004 2:52 AM
> > > To: user@ant.apache.org
> > > Subject: AW: reading password for FTP task
> > >
> > >
> > > Simplest thing would writing a task which stores the password as
> > > property.
> > >
> > > public class GetPassword extends Task {
> > >     private String property;
> > >     public void setProperty(String p) { property = p; }
> > >     public void execute() {
> > >         String pwd = getPassword();
> > >         getProject().setNewProperty(property, pwd);
> > >     }
> > >     private String getPassword();
> > >         String rv;
> > >         // do your work
> > >         return rv;
> > >     }
> > > }
> > >
> > > <project>
> > >     <taskdef name="getpassword" classname="GetPassword"/>
> > >     <getpassword property="ftp.pwd"/>
> > >     <ftp password="${ftp.pwd}"/>
> > > </project>
> > >
> > >
> > > Jan
> > >
> > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: Velagapudi, Murali [mailto:murali.velagapudi@citigroup.com]
> > > > Gesendet am: Mittwoch, 11. August 2004 23:01
> > > > An: Ant Users List
> > > > Betreff: reading password for FTP task
> > > >
> > > > Hi All,
> > > >
> > > >    I have a key/password stored in properties file(key file)
> > > > ,i need to invoke  a java class which decrypts that key and
> > > > give me the correct(clear text) password which i can use for
> > > > connecting to ftp server, how can i include that in ftp task,
> > > > that is to invoke that class and get the return string  back
> > > > and should be passed as value for "password" property in ftp task?
> > > >
> > > > thanks in advance,
> > > > Murali
> > > >
> > > >
> > >
> > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> > > > For additional commands, e-mail: user-help@ant.apache.org
> > > >
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> > > For additional commands, e-mail: user-help@ant.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> > For additional commands, e-mail: user-help@ant.apache.org
> >



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message