Wouldn't this alternative still require that the script pass the userid and password on the command line using -D arguments and therefore still visible on the ps command?
Created JIRA issue http://issues.apache.org/jira/browse/GERONIMO-766 John Aaron Mulder <[EMAIL PROTECTED]> wrote on 15/07/2005 09:59:45 PM: > Another alternative is to let the user put the username and > password in environment variables, and then have a deployer start script > that sends them in as system properties. > > Aaron > > On Fri, 15 Jul 2005 [EMAIL PROTECTED] wrote: > > Currently if someone specifies a userid and password on the command line > > to the deploy tool, it could be visible to other UNIX users via ps > > commands. > > > > Should we enable the user to point the deployer to a properties file > > (stored in a secured location) that contains the userid and password. That > > would be more secure for cases where the tool is being called by scripts > > and the userid/password prompting is not desired. > > > > Our documentation should also remind users about this security issue. > > > > Does this sound reasonable for a new JIRA task? > > > > John > >
