The problem with using <input> for passwords is then you need a person actually sitting there watching for the prompt. IIRC <input> is smart enough to see if the property is already bound, but that leads us back to the original problem of how to bind that property in the first place.
-- Jeffrey E. Care ([EMAIL PROTECTED]) WebSphere v7 Release Engineer WebSphere Build Tooling Lead (Project Mantis) Steve Loughran <[EMAIL PROTECTED]> wrote on 08/01/2005 07:27:11 AM: > Roedy Green wrote: > > I notice that in all the scripts I have seen people just insert their > > passwords as plain text in the scripts, e.g. for jarsigning. > > > > I don't want to do that since I will be distributing the scripts along > > with source code. > > > > It seems there are several ways you could handle it: > > 1. put the password in the registry. > > 2. make the password a system property you insert from a set variable. > > 3. put it in a file > > 4. something cleverer that makes you enter it and it remembers for a few > > hours. > > > > I wondered what is considered standard practice. > > > > -beware of passing things on the command line, as on unix its visible to > all users via the ps command > -you can use <input> to ask for a password; it will be echoed (java's fault) > > I keep passwords in properties files in a subdirectory that is locked > down with very restricted access, not in SCM. > > -steve > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
