Ok, thanks Jason :) I'll ask him.. -Deng
On Tue, Aug 12, 2008 at 11:23 AM, Jason van Zyl <[EMAIL PROTECTED]> wrote: > You probably want to check with Oleg as he fully implemented this with > plexus-cypher. Not sure where he put the Maven code but he can't point you > right direction if you want to piece it together. > > > On 11-Aug-08, at 7:55 PM, Maria Odea Ching (JIRA) wrote: > > >> [ >> http://jira.codehaus.org/browse/MNG-553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=144751#action_144751 >> ] >> >> Maria Odea Ching commented on MNG-553: >> -------------------------------------- >> >> Ok, thanks for pointing that out Heinrich. I'll create a separate design >> doc for the encryption. I'll look more into the code Brett posted above.. >> Thanks! >> >> Secure Storage of Server Passwords >>> ---------------------------------- >>> >>> Key: MNG-553 >>> URL: http://jira.codehaus.org/browse/MNG-553 >>> Project: Maven 2 >>> Issue Type: Improvement >>> Components: Settings >>> Affects Versions: 2.0-alpha-3 >>> Environment: Although it may not be relevant since this is a >>> general improvement issue, Windows XP, JDK 1.4.1. >>> Reporter: J. Michael McGarr >>> Assignee: Brett Porter >>> Priority: Critical >>> Fix For: 2.1 >>> >>> >>> This was a question pose to the Maven User's Group and it was suggested I >>> add it here. >>> It would be benefitial to provide a more secure means of storing >>> password's to the servers listed in the .m2/settings.xml. They are >>> currently being stored as plain text and could definately be considered a >>> security breach. Numerous organizations would undoubtedly considered this >>> an unacceptable security risk, and this could prevent widespread adoption of >>> Maven2. >>> I would suggest leaving an option to encrypt the password into the >>> settings file (more secure, but not foolproof) or even requiring the >>> password to be manually provided per build (would prevent automation of >>> builds). I am sure that there is a secure solution to this problem and it >>> should be part of the 2.0 release. >>> >> >> -- >> This message is automatically generated by JIRA. >> - >> If you think it was sent incorrectly contact one of the administrators: >> http://jira.codehaus.org/secure/Administrators.jspa >> - >> For more information on JIRA, see: http://www.atlassian.com/software/jira >> >> >> > Thanks, > > Jason > > ---------------------------------------------------------- > Jason van Zyl > Founder, Apache Maven > jason at sonatype dot com > ---------------------------------------------------------- > > A language that doesn't affect the way you think about programming is not > worth knowing. > > -— Alan Perlis > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
