I understand that passwords can be encrypted using the technique described at http://maven.apache.org/guides/mini/guide-encryption.html - however that can easily be circumvented by anyone who has access to the settings-security.xml file.
However, I also know that other software uses techniques of the local OS to protect data stored on local disks so that they can only be read by the user who created it (e.g. Keychain/Keyring/KWallet/CryptProtectData (e.g. Subversion; http://subversion.apache.org/faq.html#plaintext-passwords). I notice that there are a couple of issues still open in this area (e.g. MNG-4951, MNG-4602), but I don't see anything explicit about this sort of protection (it was mentioned in comments of the original issue that introduced settings-security.xml, MNG-553, but that's about all I could find). Do any of the existing tickets plan to cover this sort of usage, does anyone know? TIA, Greg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
