ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeffrey E Care <ca...@us.ibm.com>
Subject Re: concealing passwords
Date Mon, 01 Aug 2005 13:08:20 GMT
The problem with using <input> for passwords is then you need a person 
actually sitting there watching for the prompt. IIRC <input> is smart 
enough to see if the property is already bound, but that leads us back to 
the original problem of how to bind that property in the first place.

-- 
Jeffrey E. Care (carej@us.ibm.com)
WebSphere v7 Release Engineer
WebSphere Build Tooling Lead (Project Mantis)


Steve Loughran <stevel@apache.org> wrote on 08/01/2005 07:27:11 AM:

> Roedy Green wrote:
> > I notice that in all the scripts I have seen people just insert their 
> > passwords as plain text in the scripts, e.g. for jarsigning.
> > 
> > I don't want to do that since I will be distributing the scripts along 

> > with source code.
> > 
> > It seems there are several ways you could handle it:
> > 1. put the password in the registry.
> > 2. make the password a system property you insert from a set variable.
> > 3. put it in a file
> > 4. something cleverer that makes you enter it and it remembers for a 
few 
> > hours.
> > 
> > I wondered what is considered standard practice.
> > 
> 
> -beware of passing things on the command line, as on unix its visible to 

> all users via the ps command
> -you can use <input> to ask for a password; it will be echoed (java's 
fault)
> 
> I keep passwords in properties files in a subdirectory that is locked 
> down with very restricted access, not in SCM.
> 
> -steve
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> For additional commands, e-mail: user-help@ant.apache.org
> 

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message