ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roger Vaughn <>
Subject Re: Password storage (was Re: FTP & JSPC)
Date Tue, 01 Aug 2000 21:35:44 GMT

In an automated environment, this just moves the problem from the build.xml file
to whatever script, cron job, etc. you use to start the build.  It's not really
much of an improvement -- and in fact, the presence of passwords in .history
makes it kind of worse!

Honestly, in my environment, I'm not worried about theft of the passwords I'm
using.  This may not be the case for others, however.  Anyway, what I'm
considering at the moment is really only a small improvement - I'm not going for
a secure scheme, just a trivial encoding to block casual snoopers.  Anyone who
really wants these passwords is going to get them.

Thanks for the suggestion on Keystore.  Unfortunately, as you point out, the
Java security classes are probably unusable in this context because of the
differences between 1.1, 1.2, and 1.3.  Kinda hard to keep up with an unstable



Steve Loughran wrote:

> How about having your task include the password in a property in the command
> line? This needs no extra code and you can keep the password out of
> everywhere except your .history or equivalent?

View raw message