ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject cvs commit: ant/docs/manual/CoreTasks signjar.html
Date Mon, 07 Feb 2005 23:51:01 GMT
stevel      2005/02/07 15:51:01

  Modified:    docs/manual/CoreTasks signjar.html
  This is actually a serious issue. if i have a login on a machine, I can get the keystore
password by waiting for someone to sign a JAR on it. We can fix this, either by running jarsigner
in VM, or by passing the input over stdio.
  Revision  Changes    Path
  1.13      +7 -0      ant/docs/manual/CoreTasks/signjar.html
  Index: signjar.html
  RCS file: /home/cvs/ant/docs/manual/CoreTasks/signjar.html,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- signjar.html	26 Nov 2004 09:52:06 -0000	1.12
  +++ signjar.html	7 Feb 2005 23:51:01 -0000	1.13
  @@ -16,6 +16,13 @@
   its modification date is used as a cue as to whether to resign any JAR file.
  +<b>Security warning</b>. This task forks the <tt>jarsigner</tt>
  +(which must of course be on the path). The store password is passed in on
  +the command line, so visible in Unix to anyone running <tt>ps -ef</tt>
  +on the same host, while signing takes place. Only sign on a secured system.
   <table border="1" cellpadding="2" cellspacing="0">

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message