geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: Deploy tool and user and password security
Date Fri, 15 Jul 2005 11:59:45 GMT
	Another alternative is to let the user put the username and 
password in environment variables, and then have a deployer start script 
that sends them in as system properties.

Aaron

On Fri, 15 Jul 2005 sissonj@insession.com wrote:
> Currently if someone specifies a userid and password on the command line 
> to the deploy tool, it could be visible to other UNIX users via ps 
> commands.
> 
> Should we enable the user to point the deployer to a properties file 
> (stored in a secured location) that contains the userid and password. That 
> would be more secure for cases where the tool is being called by scripts 
> and the userid/password prompting is not desired.
> 
> Our documentation should also remind users about this security issue.
> 
> Does this sound reasonable for a new JIRA task?
> 
> John
> 

Mime
View raw message