ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@apache.org>
Subject Re: concealing passwords
Date Mon, 01 Aug 2005 11:27:11 GMT
Roedy Green wrote:
> I notice that in all the scripts I have seen people just insert their 
> passwords as plain text in the scripts, e.g. for jarsigning.
> 
> I don't want to do that since I will be distributing the scripts along 
> with source code.
> 
> It seems there are several ways you could handle it:
> 1. put the password in the registry.
> 2. make the password a system property you insert from a set variable.
> 3. put it in a file
> 4. something cleverer that makes you enter it and it remembers for a few 
> hours.
> 
> I wondered what is considered standard practice.
> 

-beware of passing things on the command line, as on unix its visible to 
all users via the ps command
-you can use <input> to ask for a password; it will be echoed (java's fault)

I keep passwords in properties files in a subdirectory that is locked 
down with very restricted access, not in SCM.

-steve

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message