once you have stored the password in a secure environment you can use either PHP or MySQL to generate 128bit md5 or 160bit sha1 http://phpsec.org/articles/2005/password-hashing.html
(Notice the use of a long salt to stop brute-force attempts to extract clear-text passwords) HTH Martin ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > From: [email protected] > To: [email protected] > Subject: RE: Best Practices for Passwords and Usernames > Date: Wed, 15 Aug 2012 19:27:24 +0200 > > For security reasons it is a good idea to have the passwords encrypted on a > USB stick, see http://maven.apache.org/guides/mini/guide-encryption.html > > > > -----Original Message----- > > From: Eric Kolotyluk [mailto:[email protected]] > > Sent: Mittwoch, 15. August 2012 14:41 > > To: maven users > > Subject: Best Practices for Passwords and Usernames > > > > Are there some best practices around how and where to store usernames, > > passwords and other secret information wrt the local user? > > > > For example, what I have been doing in my user settings.xml is (the > > following), but is there some other best practice I should be > > following? > > In particular, I am trying to set up conventions to be used from our > > corporate POM that are based on a common 'user' profile. > > > > Cheers, Eric > > > > <?xml version="1.0" encoding="utf-8"?> > > <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 > > http://maven.apache.org/xsd/settings-1.0.0.xsd";> > > > > <profiles> > > <profile> > > <id>user</id> > > <properties> > > <com.perforce.p4maven.username>Eric_Kolotyluk</com.perforce.p4maven.use > > rname> > > <com.perforce.p4maven.password>secret</com.perforce.p4maven.password> > > <org.apache.maven.plugins.maven-release- > > plugin.username>${com.perforce.p4maven.username}</org.apache.maven.plug > > ins.maven-release-plugin.username> > > <org.apache.maven.plugins.maven-release- > > plugin.password>${com.perforce.p4maven.password}</org.apache.maven.plug > > ins.maven-release-plugin.password> > > </properties> > > </profile> > > </profiles> > > > > <activeProfiles> > > <activeProfile>user</activeProfile> > > </activeProfiles> > > > > </settings> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
