2007-04-25 12:28:56 +00:00


<?xml version="1.0"?>
<!--
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-->
<document>
<properties>
<title>Security Considerations</title>
<author email="michal.maczka@dimatics.com">Michal Maczka</author>
</properties>
<body>
<section name="Security Considerations">
<source><![CDATA[
>
> For the moment I have tested my API with the username and user password
> kept in a properties file. I think that such an approach is not acceptable.
>
> You can use command line to pass properties to maven:
>
> maven war:deploy -Dmaven.repo.ibiblio.password=******
>
>
> This is already better ... but still not perfect.
>
> I will try to implement/use (if I find one) a simple class which will "Prompt"
> to type your password (eventually to enter other required parameters which
> are missing)
>
> regards
>
>
> Michal
I would avoid the command line passed password. It is much less secure
on unix than the password kept in a file. Command line can be seen by
simple ps commands, or e.g. linux systems store it in the /proc filesystem.
It should be used only from command files.
incze
]]></source>
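<p>Added example, not part of the original thread or of the project's own code: a Python audit that reads the NUL-separated /proc/PID/cmdline entries mentioned in the reply and reports which running processes carry a password-style argument, printing only the argument name. The regular expression, the function names and the dummy value are assumptions made for this example.</p>
<source><![CDATA[
```python
import os
import re
import subprocess
import sys
import time

# Assumed pattern: -Dmaven.repo.ibiblio.password=value, --password=value and similar.
SECRET_ARG = re.compile(r"^-{1,2}[\w.\-]*(password|passwd|secret)[\w.\-]*=(.+)$", re.I)

def parse_cmdline(raw):
    """Split the NUL-separated argv that Linux exposes in /proc/<pid>/cmdline."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def exposed_secret_args(argv):
    """Return the names of arguments that carry a secret value, never the value."""
    return [arg.split("=", 1)[0] for arg in argv if SECRET_ARG.match(arg)]

def audit_proc(proc_root="/proc"):
    """Map pid -> exposed argument names for every process readable by this user."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                hits = exposed_secret_args(parse_cmdline(fh.read()))
        except OSError:  # process exited meanwhile, or entry is not readable
            continue
        if hits:
            findings[int(entry)] = hits
    return findings

if __name__ == "__main__" and sys.platform.startswith("linux"):
    # Constructed demo: a sleeping child stands in for the maven invocation,
    # started with a dummy value on its command line.
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(5)",
                              "-Dmaven.repo.ibiblio.password=CONSTRUCTED-DUMMY"])
    time.sleep(0.5)  # give the child time to appear under /proc
    print(audit_proc().get(child.pid))
    child.terminate()
```
]]></source>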
</section>
</body>
</document>