ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anderson, Rob (Global Trade)" <Rob.Ander...@nike.com>
Subject RE: Ant tasks to encrypt or decrypt passwords from property files
Date Mon, 19 Jun 2006 22:39:17 GMT
In many cases your best option is probably to prompt the user for the
password using the input task. This solves the problem of storing the
password in plain text in a file, but it requires that the user interact
with the ant build. Another option is to pass in the password on the
command line:

ant -Dpassword=something target

This is less desirable since another user could run ps -ef and see the
password in the process list (on unix).

-Rob A

> -----Original Message-----
> From: Alexey N. Solofnenko [mailto:A.Solofnenko@mdl.com] 
> Sent: Monday, June 19, 2006 1:20 PM
> To: Ant Users List
> Subject: Re: Ant tasks to encrypt or decrypt passwords from 
> property files
> 
> This can be done by requiring a key store in user home. Only 
> people that have some special certificates, can 
> encrypt/decrypt date (SSH style security). The decryption can 
> be easily done with <scriptdef>. This is a corresponding Java code:
> 
>         SecretKeySpec skeySpec=new 
> SecretKeySpec(readAll("key"), "AES");
>         Cipher cipher=Cipher.getInstance("AES");
>         cipher.init(Cipher.DECRYPT_MODE, skeySpec);
> 
>         String value=new String(cipher.doFinal(buffer), "UTF-8")
> 
> It would be trivial to write a wrapper code for ANT. buffer 
> has to be a byte array. I would suggest using binhex conversion.
> 
> - Alexey.
> 
> Dominique Devienne wrote:
> >> we would be interested in encrypting.
> >
> > But then it's a chicken-and-egg problem, no?
> >
> > Where are you going to store the passwords to decrypt the passwords 
> > read from properties files? --DD
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@ant.apache.org For 
> additional 
> > commands, e-mail: user-help@ant.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org For 
> additional commands, e-mail: user-help@ant.apache.org
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message