On 2012-08-15 2:22 PM, Wayne Fay wrote:
Storing your password in plain text in your settings.xml file is sometimes
(always?) bad practice. In that case you should look into encrypting the
passwords that are contained therein. (See
I personally disagree with this if you are using a reasonable
filesystem with reasonable security norms. This would mean your home
dir is not world-readable etc if you are on a multi-user system so no
one should be able to find their way to your ~/.m2/ directory and be
able to look at your settings.xml file in the first place.
I don't believe the extra work of encrypting those strings is worth a
whole lot. It is simply security theatre.
Wayne
Yes - security is always a trade-off between complexity and convenience.
In some environments you need to be hyper vigilant, and in others you
don't. It is always best to know the consequences and the options.
Cheers, Eric
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
