ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vishal Vishnoi <vvish...@bea.com>
Subject Re: Ant tasks to encrypt or decrypt passwords from propertyfiles
Date Tue, 20 Jun 2006 16:00:07 GMT
For the case of  prompting user for password,  you can also consider 
using AntForm (http://antforms.sourceforge.net/index.html) to have 
simple swing ui in which use can enter password.

--Vishal

Petar Tahchiev wrote:

> On 20/06/06, Rebhan, Gilbert <Gilbert.Rebhan@huk-coburg.de> wrote:
>
>>
>> But remember, if someone runs ant in -debug
>> mode,  he will see your password in stdout or logifle !!
>>
>> Regards, Gilbert
>>
>> -----Original Message-----
>> From: Venkatesh Vijayakumar04 [mailto:Venkatesh_V04@infosys.com]
>> Sent: Tuesday, June 20, 2006 5:00 AM
>> To: Ant Users List
>> Subject: RE: Ant tasks to encrypt or decrypt passwords from
>> propertyfiles
>>
>>
>> Hi,
>>
>> Try the following
>>
>>
>> Write a separate encryption java program
>>
>> Write a separate decryption java program in such a way that when the
>> program is executed, it will refer the encrypted password stored in the
>> property file and gives the clear text password which is the output will
>> be stored in a separate property file.
>>
>> In your case, you will be having the encrypted password in property file
>> so compile and run the decryption java program from ant using javac and
>> java task in ant.
>>
>> As a result of the above step a property file with clear text password
>> will be stored.
>>
>> Load the value of the property file in a property using loadproperty
>> task in ant
>>
>> Delete the password property file immediately.
>>
>> Refer the property name for subsequent build of password.
>>
>>
>> Thanks
>> Venkatesh.V
>>
>>
>>
>> -----Original Message-----
>> From: Anderson, Rob (Global Trade) [mailto:Rob.Anderson@nike.com]
>>
>> Sent: Tuesday, June 20, 2006 4:09 AM
>> To: Ant Users List
>> Subject: RE: Ant tasks to encrypt or decrypt passwords from
>> propertyfiles
>>
>> In many cases your best option is probably to prompt the user for the
>> password using the input task. This solves the problem of storing the
>> password in plain text in a file, but it requires that the user interact
>> with the ant build. Another option is to pass in the password on the
>> command line:
>>
>> ant -Dpassword=something target
>>
>> This is less desirable since another user could run ps -ef and see the
>> password in the process list (on unix).
>>
>> -Rob A
>>
>> > -----Original Message-----
>> > From: Alexey N. Solofnenko [mailto:A.Solofnenko@mdl.com]
>>
>> > Sent: Monday, June 19, 2006 1:20 PM
>> > To: Ant Users List
>> > Subject: Re: Ant tasks to encrypt or decrypt passwords from
>>
>> > property files
>> >
>>
>> > This can be done by requiring a key store in user home. Only
>>
>> > people that have some special certificates, can
>>
>> > encrypt/decrypt date (SSH style security). The decryption can
>>
>> > be easily done with <scriptdef>. This is a corresponding Java code:
>> >
>>
>> >         SecretKeySpec skeySpec=new
>>
>> > SecretKeySpec(readAll("key"), "AES");
>> >         Cipher cipher=Cipher.getInstance("AES");
>> >         cipher.init(Cipher.DECRYPT_MODE, skeySpec);
>> >
>>
>> >         String value=new String(cipher.doFinal(buffer), "UTF-8")
>> >
>>
>> > It would be trivial to write a wrapper code for ANT. buffer
>>
>> > has to be a byte array. I would suggest using binhex conversion.
>> >
>>
>> > - Alexey.
>> >
>>
>> > Dominique Devienne wrote:
>> > >> we would be interested in encrypting.
>> > >
>> > > But then it's a chicken-and-egg problem, no?
>> > >
>> > > Where are you going to store the passwords to decrypt the passwords
>>
>> > > read from properties files? --DD
>> > >
>> > >
>>
>> > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: user-unsubscribe@ant.apache.org For
>>
>> > additional
>>
>> > > commands, e-mail: user-help@ant.apache.org
>> >
>>
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: user-unsubscribe@ant.apache.org For
>>
>> > additional commands, e-mail: user-help@ant.apache.org
>> >
>>
>> >
>>
>> >
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
>> For additional commands, e-mail: user-help@ant.apache.org
>>
>>
>> **************** CAUTION - Disclaimer *****************
>> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended
>> solely for the use of the addressee(s). If you are not the intended
>> recipient, please notify the sender by e-mail and delete the original
>> message. Further, you are not to copy, disclose, or distribute this
>> e-mail or its contents to any other person and any such actions are
>> unlawful. This e-mail may contain viruses. Infosys has taken every
>> reasonable precaution to minimize this risk, but is not liable for any
>> damage you may sustain as a result of any virus in this e-mail. You
>> should carry out your own virus checks before opening the e-mail or
>> attachment. Infosys reserves the right to monitor and review the content
>> of all messages sent to or from this e-mail address. Messages sent to or
>> from this e-mail address may be stored on the Infosys e-mail system.
>> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
>> For additional commands, e-mail: user-help@ant.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
>> For additional commands, e-mail: user-help@ant.apache.org
>>
>>
> Hi to everybody,
>
> Venkatesh's solutions seems very interesting, and as to danch I think
> that mounting and unmounting is secure enough, although a bit
> complicated, as ant is used for build automation, and you don't get
> much automation with this approach.
>
> My personal opinion is that in this case you can't get 100% security.
> I would personally use base64 encryption to store the passwords in a
> temporary property file(there is a good command-line utility on [2]
> for this), and then load them.
>
> Also another approach to this is, as Rob suggested, to prompt the user
> to enter his password when needed. Ivan


> on [1] showed how we
> can extend ant's input abilities in a way to mask the text being
> typed.
>
> Hope that helps.
>
>
> [1] https://sourceforge.net/project/showfiles.php?group_id=103509
> [2] http://www.fourmilab.ch/webtools/base64/



_______________________________________________________________________
Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual
or entity named in this message. If you are not the intended recipient,
and have received this message in error, please immediately return this
by email and then delete it.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message