43beb52651
git-svn-id: https://svn.apache.org/repos/asf/maven/maven-1/plugins/trunk@113543 13f79535-47bb-0310-9956-ffa450edef68
46 lines
1.1 KiB
XML
46 lines
1.1 KiB
XML
<?xml version="1.0"?>
|
|
<document>
|
|
|
|
<properties>
|
|
<title>Security Considerations</title>
|
|
<author email="michal.maczka@dimatics.com">Michal Maczka</author>
|
|
</properties>
|
|
|
|
<body>
|
|
<section name="Security Considerations">
|
|
<p>
|
|
|
|
<source><![CDATA[
|
|
>
|
|
> For the moment I have tested my API with username, user password
|
|
> kept in properties file. I think that such approach is not acceptable.
|
|
>
|
|
> You can use command line to pass properties to maven:
|
|
>
|
|
> maven war:deloy -Dmaven.repo.ibiblio.password = ******
|
|
>
|
|
>
|
|
> This is already better ... but still not perfect.
|
|
>
|
|
> I will try to implement/use(if I find one) simple class which will "Prompt"
|
|
> to type your password (eventually to enter other required parameters which
|
|
> are missing)
|
|
>
|
|
> regards
|
|
>
|
|
>
|
|
> Michal
|
|
|
|
I would avoid the command line passed password. It is much less secure
|
|
on unix than the password kept in a file. Command line can be seen by
|
|
simple ps commands, or e.g. linux systems store the in the /proc filesystem.
|
|
It should be used only from command files.
|
|
|
|
incze
|
|
|
|
]]></source>
|
|
</p>
|
|
</section>
|
|
</body>
|
|
</document>
|