ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Martin <antu...@gmail.com>
Subject Re: concealing passwords
Date Mon, 01 Aug 2005 11:51:17 GMT
Hello,

You can also get the user input via an antform [1] UI which can star passwords:

<antform>
  <textProperty label="enter a password" property="my.password"
password="true" />
</antform>

Not tested, but something like that should work.

[1] http://antforms.sourceforge.net/

On 8/1/05, Steve Loughran <stevel@apache.org> wrote:
> Roedy Green wrote:
> > I notice that in all the scripts I have seen people just insert their
> > passwords as plain text in the scripts, e.g. for jarsigning.
> >
> > I don't want to do that since I will be distributing the scripts along
> > with source code.
> >
> > It seems there are several ways you could handle it:
> > 1. put the password in the registry.
> > 2. make the password a system property you insert from a set variable.
> > 3. put it in a file
> > 4. something cleverer that makes you enter it and it remembers for a few
> > hours.
> >
> > I wondered what is considered standard practice.
> >
> 
> -beware of passing things on the command line, as on unix its visible to
> all users via the ps command
> -you can use <input> to ask for a password; it will be echoed (java's fault)
> 
> I keep passwords in properties files in a subdirectory that is locked
> down with very restricted access, not in SCM.
> 
> -steve
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> For additional commands, e-mail: user-help@ant.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message