ant-user mailing list archives

From Steve Loughran <>
Subject Re: concealing passwords
Date Mon, 01 Aug 2005 11:27:11 GMT
Roedy Green wrote:
> I notice that in all the scripts I have seen people just insert their 
> passwords as plain text in the scripts, e.g. for jarsigning.
> I don't want to do that since I will be distributing the scripts along 
> with source code.
> It seems there are several ways you could handle it:
> 1. put the password in the registry.
> 2. make the password a system property you insert from a set variable.
> 3. put it in a file
> 4. something cleverer that makes you enter it and it remembers for a few 
> hours.
> I wondered what is considered standard practice.

- Beware of passing things on the command line, as on Unix it's visible to 
all users via the ps command.
- You can use <input> to ask for a password; it will be echoed (Java's fault).

I keep passwords in properties files in a subdirectory that is locked 
down with very restricted access, not in SCM.
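
The approach described in the reply above, sketched as a build file. This is an added example, not part of the original message or of Ant's own documentation. The directory `~/.ant-secrets`, the property name `keystore.password`, and the jar, alias and keystore names are assumptions; the properties file is assumed to hold a single `keystore.password=...` line.

```xml
<project name="sign-example" default="sign" basedir=".">
  <!-- Assumed location: a per-user directory outside the source tree,
       readable only by its owner (e.g. chmod 700 on the directory,
       chmod 600 on the file), so it is never checked in to SCM or
       shipped with the distributed scripts. -->
  <property name="secrets.file"
            location="${user.home}/.ant-secrets/signing.properties"/>

  <!-- Loads keystore.password if the file exists; a missing file
       does not fail the build, the property just stays unset. -->
  <property file="${secrets.file}"/>

  <!-- Fallback: runs only when the file did not define the property.
       As noted in the reply, <input> echoes what is typed. -->
  <target name="ask-password" unless="keystore.password">
    <input message="Keystore password:" addproperty="keystore.password"/>
  </target>

  <target name="sign" depends="ask-password">
    <fail unless="keystore.password"
          message="keystore.password not set; see ${secrets.file}"/>
    <!-- Constructed jar, alias and keystore names. The password is
         referenced by property, never written into build.xml or
         passed as -D on the ant command line. -->
    <signjar jar="dist/app.jar"
             alias="release"
             keystore="${user.home}/.ant-secrets/release.jks"
             storepass="${keystore.password}"/>
  </target>
</project>
```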

