You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Etienne (JIRA)" <ji...@codehaus.org> on 2010/05/03 16:50:12 UTC
[jira] Created: (MANTRUN-134) Prevent passwords (or any 'secret'
data) to go into maven-build.properties
Prevent passwords (or any 'secret' data) to go into maven-build.properties
--------------------------------------------------------------------------
Key: MANTRUN-134
URL: http://jira.codehaus.org/browse/MANTRUN-134
Project: Maven 2.x Antrun Plugin
Issue Type: Wish
Affects Versions: 1.3, 1.2, 1.1, 1.0, 1.4
Environment: NA
(FYI: eclipse, maven 2, windows)
Reporter: Etienne
Hi,
I'm the main developper of jupload, an open-source project hosted on sourceforge. (FYI: an applet, which helps sending files to the server).
This applet needs to be signed, thus I need to store on the local configuration two properties: the file containing the keystore, and its password. In my case, these properties are stored in a specific profilen named 'jupload', in the settings.xml.
These properties must remain secret.
I currently want to use your (nice!) ant plugin, to allow non mavenized users to work on the applet.
But ...
... when using the ant:ant goal, all available properties are stored into the maven-build.properties file. So I must be careful, not to through my keystore password away.
So, my wish is: have a way to hide 'secret' properties.
I see several way to do this, without knowing what is feasible:
1) Prevent the ant:ant goal to capture properties. These properties could be managed like the build.xml file: have a maven-build.properties (with maven and project properties), and another properties file. This last file would be created once, like the build.properties, and would be overriden only with a specific configuration parameter, like the build.xml file.
2) Disallow the profile 'jupload', which contain the password. Would be the better, as it would also work if I create additionnaly properties there.
3) Allow to undefine properties. A message could be add into the maven-build.properties, to list the properties that must be defined locally, as an ant property for instance.
4) Have a way to filter properties, based on their name or by a regular expression (like jupload.* for instance)
Etienne
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Moved: (MANT-62) Prevent passwords (or any 'secret' data) to
go into maven-build.properties
Posted by "Paul Gier (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MANT-62?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Gier moved MANTRUN-134 to MANT-62:
---------------------------------------
Affects Version/s: (was: 1.4)
(was: 1.3)
(was: 1.2)
(was: 1.1)
(was: 1.0)
Key: MANT-62 (was: MANTRUN-134)
Project: Maven 2.x Ant Plugin (was: Maven 2.x Antrun Plugin)
> Prevent passwords (or any 'secret' data) to go into maven-build.properties
> --------------------------------------------------------------------------
>
> Key: MANT-62
> URL: http://jira.codehaus.org/browse/MANT-62
> Project: Maven 2.x Ant Plugin
> Issue Type: Wish
> Environment: NA
> (FYI: eclipse, maven 2, windows)
> Reporter: Etienne
>
> Hi,
> I'm the main developper of jupload, an open-source project hosted on sourceforge. (FYI: an applet, which helps sending files to the server).
> This applet needs to be signed, thus I need to store on the local configuration two properties: the file containing the keystore, and its password. In my case, these properties are stored in a specific profilen named 'jupload', in the settings.xml.
> These properties must remain secret.
> I currently want to use your (nice!) ant plugin, to allow non mavenized users to work on the applet.
> But ...
> ... when using the ant:ant goal, all available properties are stored into the maven-build.properties file. So I must be careful, not to through my keystore password away.
> So, my wish is: have a way to hide 'secret' properties.
> I see several way to do this, without knowing what is feasible:
> 1) Prevent the ant:ant goal to capture properties. These properties could be managed like the build.xml file: have a maven-build.properties (with maven and project properties), and another properties file. This last file would be created once, like the build.properties, and would be overriden only with a specific configuration parameter, like the build.xml file.
> 2) Disallow the profile 'jupload', which contain the password. Would be the better, as it would also work if I create additionnaly properties there.
> 3) Allow to undefine properties. A message could be add into the maven-build.properties, to list the properties that must be defined locally, as an ant property for instance.
> 4) Have a way to filter properties, based on their name or by a regular expression (like jupload.* for instance)
> Etienne
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira