Yeah, the last option where we have the user provide a password is where we're currently headed. Thanks for your input!
-----Original Message----- From: Ron Wheeler [mailto:[email protected]] Sent: Wednesday, May 23, 2012 2:21 PM To: [email protected] Subject: Re: How can I eliminate these embedded username and password entries? I used invisible ink. You are right that the passwords are in clear text in the JNDI but they are in a place where they are not supposed to be visible to anyone except the system administrator. For desktop applications, you can embed the passwords in the code and hope that the customers do not reverse engineer or you can provide a service that the desktop client can call to get a password from your server to use to unlock the database on their workstation. If your installation procedure can get a password from the user and use that for the database, then you are at least giving the user a private password that will not be any good on another client's database. It all depends on what use case you are trying to handle. Ron On 23/05/2012 12:18 PM, Will Hoover wrote: > Was there a reply in there that I'm overlooking? > > -----Original Message----- > From: Ron Wheeler [mailto:[email protected]] > Sent: Wednesday, May 23, 2012 11:50 AM > To: [email protected] > Subject: Re: How can I eliminate these embedded username and password > entries? > > On 23/05/2012 10:33 AM, Will Hoover wrote: >> Great posts! Thank you! My only concern with the proposed solutions are > the >> following: >> >> 1) Remote resources, scripts, etc. are great for internal network >> deployments (or "ships") such as web applications, but what about desktop > or >> mobile applications that are self contained? >> 2) Even with JNDI and other solutions... at some point the passwords still >> reside in clear-text format, right? >> >> BTW, I agree that this should be outside the scope of Maven >> responsibilities. I'm just looking for input from other Maveneers and what >> measures they have taken to tackle this issue :) >> >> -----Original Message----- >> From: Ron Wheeler [mailto:[email protected]] >> Sent: Wednesday, May 23, 2012 9:54 AM >> To: [email protected] >> Subject: Re: How can I eliminate these embedded username and password >> entries? >> >> This has come up so often I wrote some blogs on it. >> >> http://blog.artifact-software.com/tech/?tag=jndi >> >> On 23/05/2012 9:05 AM, Barrie Treloar wrote: >>> On Wed, May 23, 2012 at 10:23 PM, Will Hoover<[email protected]> >> wrote: >>>> This is an interesting topic of interest. We would like to do a similar >> thing with our DB passwords that are in our POMs. Are there any other >> options other than the ones described? >>> Search the archives. >>> External Resources used at Runtime (rather than build time) are either >>> stored in JNDI or in property files which are loaded on the classpath. >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> > -- Ron Wheeler President Artifact Software Inc email: [email protected] skype: ronaldmwheeler phone: 866-970-2435, ext 102 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
