https://issues.apache.org/bugzilla/show_bug.cgi?id=43941





--- Comment #4 from Franz Haeuslschmid <[EMAIL PROTECTED]>  2008-07-15 11:33:27 PST ---
(In reply to comment #3)
> you mean use the same wording on sshexec's page that is currently used on
> scp's - or vice versa?

The former one.  The description for the Scp task contains the following
security note:

> Security Note: Hard coding passwords and/or usernames in scp task can be a 
> serious security hole. Consider using variable substitution and include the 
> password on the command line. For example:
>
>     <scp todir="${username}:[EMAIL PROTECTED]:/dir" ...>
>
> Invoking ant with the following command line:
>
>     ant -Dusername=me -Dpassword=mypassword target1 target2
>
> Is slightly better, but the username/password is exposed to all users on a
> Unix system (via the ps command). The best approach is to use the <input>
> task and/or retrieve the password from a (secured) .properties file.

I think this clearly describes all options with their respective weaknesses.  I
think the Sshexec task should contain a similar hint.
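
Added example, not part of the comment above or of the Ant manual: a build file that applies the quoted note to the Sshexec task, with the hard-coded form beside one that reads the password from a secured properties file or prompts for it with the <input> task. The host, user, command, property names and file path are assumptions made for illustration, and the hidden-input handler assumes Ant 1.8 or later.

```xml
<project name="remote-restart" default="restart" basedir=".">

  <!-- Connection details (constructed sample values, not from the bug report). -->
  <property name="ssh.host" value="build.example.org"/>
  <property name="ssh.user" value="deploy"/>

  <!-- WEAK: the password is a literal in the build file, so it ends up in
       version control and is readable by anyone who can read the file. -->
  <target name="restart-hardcoded">
    <sshexec host="${ssh.host}"
             username="${ssh.user}"
             password="PLACEHOLDER-do-not-do-this"
             command="sudo /etc/init.d/myapp restart"/>
  </target>

  <!-- BETTER, option 1: a properties file kept outside the source tree and
       readable only by the invoking user (chmod 600). It defines
       ssh.password. If the file is missing, this task does nothing. -->
  <property file="${user.home}/.ant/remote-restart.properties"/>

  <!-- BETTER, option 2: prompt for the password when it was not loaded from
       the file. Nothing is passed with -D, so it never appears in the ps
       output. The secure handler (assumes Ant 1.8+) hides the typed text. -->
  <target name="ask-password" unless="ssh.password">
    <input message="SSH password for ${ssh.user}@${ssh.host}:"
           addproperty="ssh.password">
      <handler type="secure"/>
    </input>
  </target>

  <target name="restart" depends="ask-password">
    <sshexec host="${ssh.host}"
             username="${ssh.user}"
             password="${ssh.password}"
             trust="false"
             knownhosts="${user.home}/.ssh/known_hosts"
             command="sudo /etc/init.d/myapp restart"/>
  </target>

</project>
```

Running `ant restart` prompts only when the properties file did not supply `ssh.password`; running Ant with `-v` or `-d` can still echo resolved property values into the build log, so keep verbose logs out of shared locations.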

