Another alternative is to let the user put the username and password in environment variables, and then have a deployer start script that sends them in as system properties.
Aaron On Fri, 15 Jul 2005 [EMAIL PROTECTED] wrote: > Currently if someone specifies a userid and password on the command line > to the deploy tool, it could be visible to other UNIX users via ps > commands. > > Should we enable the user to point the deployer to a properties file > (stored in a secured location) that contains the userid and password. That > would be more secure for cases where the tool is being called by scripts > and the userid/password prompting is not desired. > > Our documentation should also remind users about this security issue. > > Does this sound reasonable for a new JIRA task? > > John >
