[jira] Created: (MANTRUN-134) Prevent passwords (or any 'secret' data) to go into maven-build.properties

["Etienne (JIRA)" <ji...@codehaus.org>]

Prevent passwords (or any 'secret' data) to go into maven-build.properties
--------------------------------------------------------------------------

                 Key: MANTRUN-134
                 URL: http://jira.codehaus.org/browse/MANTRUN-134
             Project: Maven 2.x Antrun Plugin
          Issue Type: Wish
    Affects Versions: 1.3, 1.2, 1.1, 1.0, 1.4
         Environment: NA
(FYI: eclipse, maven 2, windows)
            Reporter: Etienne


Hi,

  I'm the main developper of jupload, an open-source project hosted on sourceforge. (FYI: an applet, which helps sending files to the server).

 This applet needs to be signed, thus I need to store on the local configuration two properties: the file containing the keystore, and its password. In my case, these properties are stored in a specific profilen named 'jupload', in the settings.xml.



  These properties must remain secret.


  I currently want to use your (nice!) ant plugin, to allow non mavenized users to work on the applet.

But ...


... when using the ant:ant goal, all available properties are stored into the maven-build.properties file. So I must be careful, not to through my keystore password away.


 So, my wish is: have a way to hide 'secret' properties. 
I see several way to do this, without knowing what is feasible:
1) Prevent the ant:ant goal to capture properties. These properties could be managed like the build.xml file: have a maven-build.properties (with maven and project properties), and another properties file. This last file would be created once, like the build.properties, and would be overriden only with a specific configuration parameter, like the build.xml file.
2) Disallow the profile 'jupload', which contain the password. Would be the better, as it would also work if I create additionnaly properties there.
3) Allow to undefine properties. A message could be add into the maven-build.properties, to list the properties that must be defined locally, as an ant property for instance.
4) Have a way to filter properties, based on their name or by a regular expression (like jupload.* for instance)

Etienne

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

[jira] Moved: (MANT-62) Prevent passwords (or any 'secret' data) to go into maven-build.properties

["Paul Gier (JIRA)" <ji...@codehaus.org>]

     [ http://jira.codehaus.org/browse/MANT-62?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Gier moved MANTRUN-134 to MANT-62:
---------------------------------------

    Affects Version/s:     (was: 1.4)
                           (was: 1.3)
                           (was: 1.2)
                           (was: 1.1)
                           (was: 1.0)
                  Key: MANT-62  (was: MANTRUN-134)
              Project: Maven 2.x Ant Plugin  (was: Maven 2.x Antrun Plugin)

> Prevent passwords (or any 'secret' data) to go into maven-build.properties
> --------------------------------------------------------------------------
>
>                 Key: MANT-62
>                 URL: http://jira.codehaus.org/browse/MANT-62
>             Project: Maven 2.x Ant Plugin
>          Issue Type: Wish
>         Environment: NA
> (FYI: eclipse, maven 2, windows)
>            Reporter: Etienne
>
> Hi,
>   I'm the main developper of jupload, an open-source project hosted on sourceforge. (FYI: an applet, which helps sending files to the server).
>  This applet needs to be signed, thus I need to store on the local configuration two properties: the file containing the keystore, and its password. In my case, these properties are stored in a specific profilen named 'jupload', in the settings.xml.
>   These properties must remain secret.
>   I currently want to use your (nice!) ant plugin, to allow non mavenized users to work on the applet.
> But ...
> ... when using the ant:ant goal, all available properties are stored into the maven-build.properties file. So I must be careful, not to through my keystore password away.
>  So, my wish is: have a way to hide 'secret' properties. 
> I see several way to do this, without knowing what is feasible:
> 1) Prevent the ant:ant goal to capture properties. These properties could be managed like the build.xml file: have a maven-build.properties (with maven and project properties), and another properties file. This last file would be created once, like the build.properties, and would be overriden only with a specific configuration parameter, like the build.xml file.
> 2) Disallow the profile 'jupload', which contain the password. Would be the better, as it would also work if I create additionnaly properties there.
> 3) Allow to undefine properties. A message could be add into the maven-build.properties, to list the properties that must be defined locally, as an ant property for instance.
> 4) Have a way to filter properties, based on their name or by a regular expression (like jupload.* for instance)
> Etienne

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira