maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kathryn Huxtable <khuxta...@ku.edu>
Subject Re: maven proxy settings - security hazard
Date Wed, 26 Apr 2006 20:27:51 GMT
I always use scpexe instead of scp, thus enabling me to use ssh-agent (or
pageant if you're using putty on windows) to hold my credentials. That way
the only thing that is in the file is the location of my key and my
username. The passphrase must be entered by me externally.

-K


On 4/26/06 3:22 PM, "Kenney Westerhof" <kenney@apache.org> wrote:

> On Wed, 26 Apr 2006, Shukla, Sanjay wrote:
> 
>> Maven needs proxy server url and credential information.
>> 
>> However this poses a security risk as your password is in a plain text
>> format. Is there some way to circumvent this ?
> 
> I don't think so. But you can use unix file/directory permissions to
> disallow anybody but you access to that file. Ofcourse root can always
> access your files but they usually also manage the proxy accounts.
> 
> -- Kenney
> 
>> 
>> .m2/settings.xml
>> 
>>   <proxies>
>>      <proxy>
>>       <id>1001</id>
>>       <active>true</active>
>>       <protocol>http</protocol>
>>       <username>me</username>
>>       <password>pass</password>
>>       <host>ip</host>
>>       <port>port</port>
>>       <nonProxyHosts>localhost</nonProxyHosts>
>>     </proxy>
>>     </proxies>
>> 
>> 
>> Sanjay Shukla,
>> HPI Product Engineering, 2 Penn Plaza, NY.
>> 212 904 3629 Office
>> 732 692 4419 Cell
>> 
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>> For additional commands, e-mail: users-help@maven.apache.org
>> 
>> 
> 
> --
> Kenney Westerhof
> http://www.neonics.com
> GPG public key: http://www.gods.nl/~forge/kenneyw.key
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org


Mime
View raw message