You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Jeremy Boynes (JIRA)" <de...@geronimo.apache.org> on 2004/11/12 01:21:23 UTC
[jira] Created: (GERONIMO-478) Deployer must not echo password when prompting
Deployer must not echo password when prompting
----------------------------------------------
Key: GERONIMO-478
URL: http://nagoya.apache.org/jira/browse/GERONIMO-478
Project: Apache Geronimo
Type: Bug
Components: deployment
Reporter: Jeremy Boynes
When no password is specified on the command line the deployer prompts the user for one.
When this is being entered it is echoed onto the screen.
On a windows machine the value entered is also displayed if up-arrow is pressed when being prompted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
Re: [jira] Commented: (GERONIMO-478) Deployer must not echo password
when prompting
Posted by Jeremy Boynes <jb...@gluecode.com>.
Hiram Chirino (JIRA) wrote:
> [
> http://nagoya.apache.org/jira/browse/GERONIMO-478?page=comments#action_56397
> ]
>
> Hiram Chirino commented on GERONIMO-478:
> ----------------------------------------
>
> The password hiding strategy that the patch uses is not very optimal
> since it is continously updating the screen to overwrite the typed
> password. Over a slow ssh connection this "feature" might not be so
> good.
>
> Another approach might be to used something like
> http://jline.sourceforge.net/#reading_password We site says that
> jline is lgpl but
> http://web1.2020media.com/j/jez/javanicuscom/blog2/items/162-index.html
> seems to indicate that it has recently relicensed as BSD.
>
I agree with Hiram here that the overwrite the text approach is going to
be problematic. JLine's approach of using platform specific code seems a
better way to go.
I would suggest looking at a JAAS based mechanism where people can plug
the credential gathering mechanism (e.g. to use a popup dialog, platform
specific console control, local certificate store, ...)
--
Jeremy
[jira] Commented: (GERONIMO-478) Deployer must not echo password when prompting
Posted by "Hiram Chirino (JIRA)" <de...@geronimo.apache.org>.
[ http://nagoya.apache.org/jira/browse/GERONIMO-478?page=comments#action_56397 ]
Hiram Chirino commented on GERONIMO-478:
----------------------------------------
The password hiding strategy that the patch uses is not very optimal since it is continously updating the screen to overwrite the typed password. Over a slow ssh connection this "feature" might not be so good.
Another approach might be to used something like http://jline.sourceforge.net/#reading_password
We site says that jline is lgpl but http://web1.2020media.com/j/jez/javanicuscom/blog2/items/162-index.html seems to indicate that it has recently relicensed as BSD.
> Deployer must not echo password when prompting
> ----------------------------------------------
>
> Key: GERONIMO-478
> URL: http://nagoya.apache.org/jira/browse/GERONIMO-478
> Project: Apache Geronimo
> Type: Bug
> Components: deployment
> Reporter: Jeremy Boynes
> Attachments: geronimo-478.patch, geronimo-478.patch
>
> When no password is specified on the command line the deployer prompts the user for one.
> When this is being entered it is echoed onto the screen.
> On a windows machine the value entered is also displayed if up-arrow is pressed when being prompted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-478) Deployer must not echo password when prompting
Posted by "Petr Sickboy Hejl (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-478?page=comments#action_59242 ]
Petr Sickboy Hejl commented on GERONIMO-478:
--------------------------------------------
I made some experimets and I suppose there exist only two possible solutions for this.
1) native (which I generaly don't like in java)
2) console echo rewriting presented in posted patch
Problem is that, there is no way how to disable console echo (or manipulate it) from java :(
> Deployer must not echo password when prompting
> ----------------------------------------------
>
> Key: GERONIMO-478
> URL: http://issues.apache.org/jira/browse/GERONIMO-478
> Project: Apache Geronimo
> Type: Bug
> Components: deployment
> Reporter: Jeremy Boynes
> Attachments: geronimo-478.patch, geronimo-478.patch
>
> When no password is specified on the command line the deployer prompts the user for one.
> When this is being entered it is echoed onto the screen.
> On a windows machine the value entered is also displayed if up-arrow is pressed when being prompted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
RE: [jira] Updated: (GERONIMO-478) Deployer must not echo password when
prompting
Posted by si...@insession.com.
Is this code originally from
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=490728 or
http://forum.java.sun.com/thread.jspa?threadID=542790&messageID=2667479 ,
if so shouldn't the notice be included somewhere (link to notice on bottom
right of pages)?
Dotting the I's and crossing the T's..
John
"Chandresh Taunk" <ch...@hotmail.com>
08/12/2004 11:45 AM
Please respond to
dev@geronimo.apache.org
To
<de...@geronimo.apache.org>
cc
Subject
RE: [jira] Updated: (GERONIMO-478) Deployer must not echo password when
prompting
Sorry about that. I've attached another patch to the issue on JIRA. I
couldn't figure out how to delete the previous one. The correct patch is
bigger in size.
-Chandresh
-----Original Message-----
From: Dain Sundstrom [mailto:dsundstrom@gluecode.com]
Sent: Tuesday, December 07, 2004 2:58 PM
To: dev@geronimo.apache.org
Subject: Re: [jira] Updated: (GERONIMO-478) Deployer must not echo
password
when prompting
From your patch:
if(password == null) {
- out.print("Password: ");
- out.flush();
- password = in.readLine();
+ PasswordField passWd = new PasswordField(out, in,
"Password: ");
+ password = new String(passWd.readConsoleSecure());
I looks like you forgot to add the PasswordField.java file before
running svn diff?
-dain
--
Dain Sundstrom
Chief Architect
Gluecode Software
310.536.8355, ext. 26
On Dec 7, 2004, at 2:33 PM, Chandresh Taunk (JIRA) wrote:
> [ http://nagoya.apache.org/jira/browse/GERONIMO-478?page=history ]
>
> Chandresh Taunk updated GERONIMO-478:
> -------------------------------------
>
> Attachment: geronimo-478.patch
>
>> Deployer must not echo password when prompting
>> ----------------------------------------------
>>
>> Key: GERONIMO-478
>> URL: http://nagoya.apache.org/jira/browse/GERONIMO-478
>> Project: Apache Geronimo
>> Type: Bug
>> Components: deployment
>> Reporter: Jeremy Boynes
>> Attachments: geronimo-478.patch
>>
>> When no password is specified on the command line the deployer
>> prompts the user for one.
>> When this is being entered it is echoed onto the screen.
>> On a windows machine the value entered is also displayed if up-arrow
>> is pressed when being prompted.
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators:
> http://nagoya.apache.org/jira/secure/Administrators.jspa
> -
> If you want more information on JIRA, or have a bug to report see:
> http://www.atlassian.com/software/jira
RE: [jira] Updated: (GERONIMO-478) Deployer must not echo password when prompting
Posted by Chandresh Taunk <ch...@hotmail.com>.
Sorry about that. I've attached another patch to the issue on JIRA. I
couldn't figure out how to delete the previous one. The correct patch is
bigger in size.
-Chandresh
-----Original Message-----
From: Dain Sundstrom [mailto:dsundstrom@gluecode.com]
Sent: Tuesday, December 07, 2004 2:58 PM
To: dev@geronimo.apache.org
Subject: Re: [jira] Updated: (GERONIMO-478) Deployer must not echo password
when prompting
From your patch:
if(password == null) {
- out.print("Password: ");
- out.flush();
- password = in.readLine();
+ PasswordField passWd = new PasswordField(out, in,
"Password: ");
+ password = new String(passWd.readConsoleSecure());
I looks like you forgot to add the PasswordField.java file before
running svn diff?
-dain
--
Dain Sundstrom
Chief Architect
Gluecode Software
310.536.8355, ext. 26
On Dec 7, 2004, at 2:33 PM, Chandresh Taunk (JIRA) wrote:
> [ http://nagoya.apache.org/jira/browse/GERONIMO-478?page=history ]
>
> Chandresh Taunk updated GERONIMO-478:
> -------------------------------------
>
> Attachment: geronimo-478.patch
>
>> Deployer must not echo password when prompting
>> ----------------------------------------------
>>
>> Key: GERONIMO-478
>> URL: http://nagoya.apache.org/jira/browse/GERONIMO-478
>> Project: Apache Geronimo
>> Type: Bug
>> Components: deployment
>> Reporter: Jeremy Boynes
>> Attachments: geronimo-478.patch
>>
>> When no password is specified on the command line the deployer
>> prompts the user for one.
>> When this is being entered it is echoed onto the screen.
>> On a windows machine the value entered is also displayed if up-arrow
>> is pressed when being prompted.
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators:
> http://nagoya.apache.org/jira/secure/Administrators.jspa
> -
> If you want more information on JIRA, or have a bug to report see:
> http://www.atlassian.com/software/jira
Re: [jira] Updated: (GERONIMO-478) Deployer must not echo password when prompting
Posted by Dain Sundstrom <ds...@gluecode.com>.
From your patch:
if(password == null) {
- out.print("Password: ");
- out.flush();
- password = in.readLine();
+ PasswordField passWd = new PasswordField(out, in,
"Password: ");
+ password = new String(passWd.readConsoleSecure());
I looks like you forgot to add the PasswordField.java file before
running svn diff?
-dain
--
Dain Sundstrom
Chief Architect
Gluecode Software
310.536.8355, ext. 26
On Dec 7, 2004, at 2:33 PM, Chandresh Taunk (JIRA) wrote:
> [ http://nagoya.apache.org/jira/browse/GERONIMO-478?page=history ]
>
> Chandresh Taunk updated GERONIMO-478:
> -------------------------------------
>
> Attachment: geronimo-478.patch
>
>> Deployer must not echo password when prompting
>> ----------------------------------------------
>>
>> Key: GERONIMO-478
>> URL: http://nagoya.apache.org/jira/browse/GERONIMO-478
>> Project: Apache Geronimo
>> Type: Bug
>> Components: deployment
>> Reporter: Jeremy Boynes
>> Attachments: geronimo-478.patch
>>
>> When no password is specified on the command line the deployer
>> prompts the user for one.
>> When this is being entered it is echoed onto the screen.
>> On a windows machine the value entered is also displayed if up-arrow
>> is pressed when being prompted.
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators:
> http://nagoya.apache.org/jira/secure/Administrators.jspa
> -
> If you want more information on JIRA, or have a bug to report see:
> http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-478) Deployer must not echo password when prompting
Posted by "Chandresh Taunk (JIRA)" <de...@geronimo.apache.org>.
[ http://nagoya.apache.org/jira/browse/GERONIMO-478?page=history ]
Chandresh Taunk updated GERONIMO-478:
-------------------------------------
Attachment: geronimo-478.patch
> Deployer must not echo password when prompting
> ----------------------------------------------
>
> Key: GERONIMO-478
> URL: http://nagoya.apache.org/jira/browse/GERONIMO-478
> Project: Apache Geronimo
> Type: Bug
> Components: deployment
> Reporter: Jeremy Boynes
> Attachments: geronimo-478.patch
>
> When no password is specified on the command line the deployer prompts the user for one.
> When this is being entered it is echoed onto the screen.
> On a windows machine the value entered is also displayed if up-arrow is pressed when being prompted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
[jira] Closed: (GERONIMO-478) Deployer must not echo password when
prompting
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-478?page=all ]
Vamsavardhana Reddy closed GERONIMO-478.
----------------------------------------
> Deployer must not echo password when prompting
> ----------------------------------------------
>
> Key: GERONIMO-478
> URL: http://issues.apache.org/jira/browse/GERONIMO-478
> Project: Geronimo
> Issue Type: Bug
> Components: deployment
> Reporter: Jeremy Boynes
> Assigned To: Aaron Mulder
> Fix For: 1.0-M4
>
> Attachments: geronimo-478.patch, geronimo-478.patch
>
>
> When no password is specified on the command line the deployer prompts the user for one.
> When this is being entered it is echoed onto the screen.
> On a windows machine the value entered is also displayed if up-arrow is pressed when being prompted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-478) Deployer must not echo password when prompting
Posted by "Chandresh Taunk (JIRA)" <de...@geronimo.apache.org>.
[ http://nagoya.apache.org/jira/browse/GERONIMO-478?page=history ]
Chandresh Taunk updated GERONIMO-478:
-------------------------------------
Attachment: geronimo-478.patch
> Deployer must not echo password when prompting
> ----------------------------------------------
>
> Key: GERONIMO-478
> URL: http://nagoya.apache.org/jira/browse/GERONIMO-478
> Project: Apache Geronimo
> Type: Bug
> Components: deployment
> Reporter: Jeremy Boynes
> Attachments: geronimo-478.patch, geronimo-478.patch
>
> When no password is specified on the command line the deployer prompts the user for one.
> When this is being entered it is echoed onto the screen.
> On a windows machine the value entered is also displayed if up-arrow is pressed when being prompted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
Re: [jira] Resolved: (GERONIMO-478) Deployer must not echo password when prompting
Posted by "Geir Magnusson Jr." <ge...@apache.org>.
ROTFL
Or hope that it crashes and erases the cmd line buffer.
geir
On Jul 9, 2005, at 9:08 PM, Dain Sundstrom wrote:
> We could detect we are on windows and pop up a dialog box.... it is
> windows after all.
>
> -dain
>
> On Jul 9, 2005, at 4:11 PM, Aaron Mulder (JIRA) wrote:
>
>
>> [ http://issues.apache.org/jira/browse/GERONIMO-478?page=all ]
>>
>> Aaron Mulder resolved GERONIMO-478:
>> -----------------------------------
>>
>> Fix Version: 1.0-M4
>> Resolution: Fixed
>> Assign To: Aaron Mulder
>>
>> The attached patch is based heavily on forum posts. I'm not sure
>> what the issues might be in applying the Apache license to it. I
>> implented a similar (if somewhat less generic) feature from scratch.
>>
>> I'm not ready to move to a native-code based feature such as
>> JLine, though it's probably worth additional investigation.
>>
>> I don't know how this will behave with the up arrow on Windows,
>> but at least it achieves the primary goal of not echoing
>> characters while they are typed. If that doesn't solve the
>> Windows issue, there's probably nothing to do except investigate
>> native code.
>>
>>
>>
>>> Deployer must not echo password when prompting
>>> ----------------------------------------------
>>>
>>> Key: GERONIMO-478
>>> URL: http://issues.apache.org/jira/browse/GERONIMO-478
>>> Project: Geronimo
>>> Type: Bug
>>> Components: deployment
>>> Reporter: Jeremy Boynes
>>> Assignee: Aaron Mulder
>>> Fix For: 1.0-M4
>>> Attachments: geronimo-478.patch, geronimo-478.patch
>>>
>>> When no password is specified on the command line the deployer
>>> prompts the user for one.
>>> When this is being entered it is echoed onto the screen.
>>> On a windows machine the value entered is also displayed if up-
>>> arrow is pressed when being prompted.
>>>
>>>
>>
>> --
>> This message is automatically generated by JIRA.
>> -
>> If you think it was sent incorrectly contact one of the
>> administrators:
>> http://issues.apache.org/jira/secure/Administrators.jspa
>> -
>> For more information on JIRA, see:
>> http://www.atlassian.com/software/jira
>>
>>
>
>
--
Geir Magnusson Jr +1-203-665-6437
geirm@apache.org
Re: [jira] Resolved: (GERONIMO-478) Deployer must not echo password when prompting
Posted by Dain Sundstrom <da...@iq80.com>.
We could detect we are on windows and pop up a dialog box.... it is
windows after all.
-dain
On Jul 9, 2005, at 4:11 PM, Aaron Mulder (JIRA) wrote:
> [ http://issues.apache.org/jira/browse/GERONIMO-478?page=all ]
>
> Aaron Mulder resolved GERONIMO-478:
> -----------------------------------
>
> Fix Version: 1.0-M4
> Resolution: Fixed
> Assign To: Aaron Mulder
>
> The attached patch is based heavily on forum posts. I'm not sure
> what the issues might be in applying the Apache license to it. I
> implented a similar (if somewhat less generic) feature from scratch.
>
> I'm not ready to move to a native-code based feature such as JLine,
> though it's probably worth additional investigation.
>
> I don't know how this will behave with the up arrow on Windows, but
> at least it achieves the primary goal of not echoing characters
> while they are typed. If that doesn't solve the Windows issue,
> there's probably nothing to do except investigate native code.
>
>
>> Deployer must not echo password when prompting
>> ----------------------------------------------
>>
>> Key: GERONIMO-478
>> URL: http://issues.apache.org/jira/browse/GERONIMO-478
>> Project: Geronimo
>> Type: Bug
>> Components: deployment
>> Reporter: Jeremy Boynes
>> Assignee: Aaron Mulder
>> Fix For: 1.0-M4
>> Attachments: geronimo-478.patch, geronimo-478.patch
>>
>> When no password is specified on the command line the deployer
>> prompts the user for one.
>> When this is being entered it is echoed onto the screen.
>> On a windows machine the value entered is also displayed if up-
>> arrow is pressed when being prompted.
>>
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the
> administrators:
> http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see:
> http://www.atlassian.com/software/jira
>
[jira] Resolved: (GERONIMO-478) Deployer must not echo password when prompting
Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-478?page=all ]
Aaron Mulder resolved GERONIMO-478:
-----------------------------------
Fix Version: 1.0-M4
Resolution: Fixed
Assign To: Aaron Mulder
The attached patch is based heavily on forum posts. I'm not sure what the issues might be in applying the Apache license to it. I implented a similar (if somewhat less generic) feature from scratch.
I'm not ready to move to a native-code based feature such as JLine, though it's probably worth additional investigation.
I don't know how this will behave with the up arrow on Windows, but at least it achieves the primary goal of not echoing characters while they are typed. If that doesn't solve the Windows issue, there's probably nothing to do except investigate native code.
> Deployer must not echo password when prompting
> ----------------------------------------------
>
> Key: GERONIMO-478
> URL: http://issues.apache.org/jira/browse/GERONIMO-478
> Project: Geronimo
> Type: Bug
> Components: deployment
> Reporter: Jeremy Boynes
> Assignee: Aaron Mulder
> Fix For: 1.0-M4
> Attachments: geronimo-478.patch, geronimo-478.patch
>
> When no password is specified on the command line the deployer prompts the user for one.
> When this is being entered it is echoed onto the screen.
> On a windows machine the value entered is also displayed if up-arrow is pressed when being prompted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira