If you omit the username and password, you'll be prompted for them. They still echo, though. The most secure way currently is to pipe the username and/or password to the deploy tool and leave the arguments off the command line. It would be nice if we could disable echo for the password prompt, but I don't know how to do that.
Aaron On Fri, 26 Nov 2004, Deepak Nayal wrote: > Hi > > This is the very first day that I have started to use Geronimo :-) > > After going through its docs, it seems that the deployment needs the username > and the password whch are given as arguments to the DeployTool class. > However, I believe this is a security threat as a hacker can check out the > history list in UNIXes and can get the USER/PASS. So I believe we should have > a tool which encrypts the user/pass and puts them in a file and then that > filename can be passed as the argument to the DeployTool class. The > 'org.apache.geronimo.deployment.cli.ServerConnection' class can be edited to > reflect this change. > > My sincere apologise if this seems to be a wierd idea. > Please do let me know your views. > > Regards > Deepak Nayal > > > > > > > > > > > > > > > --------------------------------- > Do you Yahoo!? > Meet the all-new My Yahoo! – Try it today!