Geir Magnusson Jr. wrote:
> On 6/3/02 7:22 AM, "Ross Gardler" <[EMAIL PROTECTED]> wrote:
>
>
>>(copied back to jakarta-commons in case anywone there has a better idea)
>>
>>
>
> I assume that you didn't guess I sent it privately for a reason?
Ooops, sorry.
>
> I didn't want there to be any expectation of delivery, as I have an awful
> track record lately on this...
Well I am more than willing to help with the coding of this section.
>> 1. Put the username and password in the ANT build file and pass them
>> to the JJAR test
>>
>> 2. Have ant ask for the username and password interactively and pass the
>> values to the JJAR task
>>
>> 3. Define our own System propoerties to hold the username and passsword
>> and have JJAR extract them from there
>>
>>1 & 3 have a problem in that we either have to force the user to encode
>>the values before setting them or we create a security problem by
>>storing them unencoded.
>>
>
> Well, uuencoding doesn't make anything secret, just gibberish at first
> glance. And since we would be sending what is effectively cleartext
> anyway...
A good point.
>>2 is perhaps the best. We could set a property in the build file
>>indicating whether we are connecting through an authenticating proxy or
>>not, thus prompting the user for username and password. Furthermore,
>>using this method we allow the user to decide if they want to store the
>>username/password in the build file and thus prevent the need to type
>>them each time.
>>
>>What do you think?
>>
>>
>
> The problem with 2 is that it doesn't work for anything automated - for
> example a build system that is run automatically for testing would need to
> have the values somewhere.
>
> I think what we need is to give people the choice - one option to specify
> the values like #1, and one for #2, so if you want to keep it secret and do
> interactively, you can.
>
> Since we are talking about a security system that does everything in
> cleartext, doing something fancier doesn't make sense at first.
I agree. If you want assistance just let me what you have got so far and
I'll do the rest.
Ross
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
