geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Boynes <jboy...@gluecode.com>
Subject Re: [jira] Commented: (GERONIMO-478) Deployer must not echo password when prompting
Date Wed, 08 Dec 2004 20:26:16 GMT
Hiram Chirino (JIRA) wrote:
> [
> http://nagoya.apache.org/jira/browse/GERONIMO-478?page=comments#action_56397
> ]
> 
> Hiram Chirino commented on GERONIMO-478: 
> ----------------------------------------
> 
> The password hiding strategy that the patch uses is not very optimal
> since it is continously updating the screen to overwrite the typed
> password.  Over a slow ssh connection this "feature" might not be so
> good.
> 
> Another approach might be to used something like
> http://jline.sourceforge.net/#reading_password We site says that
> jline is lgpl but
> http://web1.2020media.com/j/jez/javanicuscom/blog2/items/162-index.html
> seems to indicate that it has recently relicensed as BSD.
> 

I agree with Hiram here that the overwrite the text approach is going to 
be problematic. JLine's approach of using platform specific code seems a 
better way to go.

I would suggest looking at a JAAS based mechanism where people can plug 
the credential gathering mechanism (e.g. to use a popup dialog, platform 
specific console control, local certificate store, ...)

--
Jeremy

Mime
View raw message